Setting KDS Policies for Users

KDS can create VSA users and Portal Access users based on domain users. This means IT administrators can provide their users the same credential for these applications and manage authentication and authorization from a single location, using the Active Directory domain.

The following KDS user policies can be set for each (user) group in the domain. These policies are applied to all users belonging to the group. They cannot be applied to individual users within a group.

1. Do Not Include Users - Do not create VSA user logons or Portal Access logons for domain users listed in this user group.
2. Create Staff Members - Creates a staff member record. These users can be assigned Portal Access to a machine manually.
3. Create Staff and make Auto Portal Candidates - Designates domain users in this user group as Portal Access candidates. See Making Portal Access Candidates for details.
4. Create VSA Users - Creates VSA user logons for domain users listed in this group.
   • If Create VSA Users is selected, a scope and role must be selected for that user group. You can optionally create a new scope.

Since each domain user can belong to multiple domain user groups, a domain user is assigned the highest ranking VSA logon policy assigned to any user group the domain user is a member of.

• Create VSA Users outranks Create Staff and make Auto Portal Candidates
• Create Staff and make Auto Portal Candidates outranks Create Staff Members
• Create Staff Members outranks outranks Do Not Include Users

Note: A domain user can only be associated with either VSA user logon or a Portal Access logon, but not both at the same time. See Making Changes to KDS Managed User Logons.

KDS user policies are set using the User Policies tab of the Domains page.

Topic 7723: Send Feedback. Download a PDF of this online book from the first topic in the table of contents. Print this topic.