The Group Policies functionality allows administrators to manage and control Wi-Fi access by defining access policies, together with rules that automatically assign those policies to users. This feature improves network organization and security, and simplifies network access management.
Group Policy setup
Each Group Policy comes with several configurable attributes:
- Name: The Group Policy Name is a label you define for each group policy. This name will appear in the user profile and the user table list, making it easy to identify and organize group policies. The Group Policy Name serves as a reference for administrators to quickly recognize and distinguish between different group policies.
- Access Permission: Defines whether the policy blocks or allows access to the network.
- Time Restriction Policy: Defines whether the policy enforces a restricted session time limitation or not (unlimited). If the session time is restricted, the user can choose among 3 options:
- Assign a specific Internet Plan: This option allows you to select a specific internet plan from the list of available options.
- Inherit Location Default Internet Plan: This option automatically assigns the default internet plan of the location where the user signed up. In this way, you can customize the internet plan for members of the same group depending on the location where they signed up.
- Require users to obtain a plan (PIN code or plain plans): This option does not assign any specific restriction, but it requires users to have a time allowance in order to be authorized. In this case, users need to be provided with an internet plan in a different way to access the network. This option is useful, for example, if you want to offer Wi-Fi access with a pay-per-use model.
For the first two Time Restriction options (Assign a Specific Internet Plan and Inherit from Location), you can also set the Force at Login option.
- If Force at Login is enabled: Any modification to the internet plan configuration in the group will take effect the next time the user logs in. The user will be forced to use the new internet plan settings, replacing any previous plan with the new one. This option will be help to update
- If Force at Login is disabled: Changes to the internet plan will only impact new users assigned to the group. Existing members will continue using their current plan and will not have their plan updated during subsequent logins.
Access Control Settings:
Access control settings allow you to limit the number of simultaneous connections for members of each user group.
- Limit Maximum Concurrent Connections:
This setting defines the maximum number of sessions a user from the group can have at the same time. For example, if you set this limit to "3", each user in that group will only be able to maintain 3 active connections to the Wi-Fi network at any given time.
- Radius Service Attributes:
Radius attributes are used for managing user access to the network. These attributes depend on the vendor's supported features and need to be properly configured on the vendor's side.
These parameters can be defined the same for all locations, or you can choose to differentiate them depending on the location where the member is logged in.
Examples of Radius service attributes include:
- VLAN
- Filter ID
- QoS (Quality of Service) - Up/Down
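How the three attribute types listed above are commonly carried in a RADIUS Access-Accept, as an added example that is not Cloud4Wi code: VLAN uses the RFC 3580 tunnel attributes, Filter ID uses the standard Filter-Id, and QoS is assumed here to use the WISPr bandwidth attributes, since QoS is vendor-dependent. The class names, locations, values and the whole-set per-location override are constructed assumptions; attribute names follow FreeRADIUS dictionary spelling.

```python
# Added example: constructed names and values, not Cloud4Wi's API.
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class ServiceAttrs:
    vlan: Optional[int] = None       # VLAN ID the session is placed in
    filter_id: Optional[str] = None  # name of an ACL/role that must exist on the NAS
    up_bps: Optional[int] = None     # QoS upload limit, bits per second
    down_bps: Optional[int] = None   # QoS download limit, bits per second

@dataclass
class GroupPolicy:
    name: str
    default: ServiceAttrs                             # same for all locations
    per_location: dict = field(default_factory=dict)  # location -> ServiceAttrs

def reply_attributes(policy, location):
    """Return the (name, value) reply pairs for a member logging in at `location`."""
    # Assumption: a location-specific set replaces the policy-wide set entirely.
    attrs = policy.per_location.get(location, policy.default)
    reply = []
    if attrs.vlan is not None:
        # Reject IDs the switch/AP cannot honour instead of sending them.
        if not 1 <= attrs.vlan <= 4094:
            raise ValueError(f"{policy.name}: VLAN {attrs.vlan} outside 1-4094")
        reply += [("Tunnel-Type", "VLAN"),               # RFC 3580 VLAN assignment
                  ("Tunnel-Medium-Type", "IEEE-802"),
                  ("Tunnel-Private-Group-Id", str(attrs.vlan))]
    if attrs.filter_id:
        # The NAS applies the filter by name; the rules live on the vendor side.
        reply.append(("Filter-Id", attrs.filter_id))
    # Assumption: the vendor honours WISPr bandwidth attributes for QoS Up/Down.
    if attrs.up_bps is not None:
        reply.append(("WISPr-Bandwidth-Max-Up", str(attrs.up_bps)))
    if attrs.down_bps is not None:
        reply.append(("WISPr-Bandwidth-Max-Down", str(attrs.down_bps)))
    return reply

# Constructed sample policy: one policy-wide set plus an override for "HQ".
GUEST = GroupPolicy(
    name="Guest",
    default=ServiceAttrs(vlan=100, filter_id="guest-acl", up_bps=2_000_000, down_bps=10_000_000),
    per_location={"HQ": ServiceAttrs(vlan=210, filter_id="guest-hq-acl")},
)

if __name__ == "__main__":
    for loc in ("Store-12", "HQ"):
        print(loc, reply_attributes(GUEST, loc))
```

In this model the "HQ" override carries no QoS values, so HQ sessions receive no bandwidth attributes at all; a per-location set has to restate every limit it is meant to keep.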
Group Policy Deletion and Restrictions
- Deleting a Group Policy: If a group policy is deleted, all associated rules are also deleted.
- Assigned Group Policies: A group policy assigned to users cannot be deleted.
- Default Group Policy: The default user group can never be deleted.
Group Policy Assignment
All users in the Cloud4Wi account, including Guest and Trusted Users, always have a Group Policy assigned, which defines the authorization rules to access the network.
- Group Policy assignment: Users are assigned to a group policy based on the defined Rules. There are different sets of Rules depending on the type of user.
- Guest Access Rules: An ordered set of rules that define which policy to assign to Guest Users (e.g. users signing up from the captive portal). These rules are evaluated when a guest registers through any guest onboarding channel.
- Trusted Access Rules: An ordered set of rules that define which group policy to automatically assign to Trusted Users (e.g. users authenticating with a corporate IdP). These rules are evaluated when a Trusted User is added to the directory and re-evaluated periodically to make sure they reflect any change that may affect the user in the external IdP (e.g. MS Entra ID).
- Default Group Policy: Upon account setup, a default group policy is created. Unless a rule specifically assigns a user to a different Group Policy, users are assigned the Default Group Policy.
- Legacy Users: Users who registered before the Group Policy capability was available are automatically assigned to the default group policy.