Configure a Cloud User Group

Before you begin

Select Cloud as the password database location on the New User Group screen.

About this task

When you configure a user group for an Enterprise 802.1X SSID, the password database always resides in the cloud. For a user group for a Private Pre-Shared Key (PPSK) SSID, the password database can reside in the cloud or on all SSID APs. Use this task to configure a cloud-based user group.

Procedure

  1. Configure Password Settings as follows:
    • Password Type: Select PPSK or RADIUS.
    • Description: Enter an optional description for this user group.
    • Select the Enable CWP Register check box to require users in this user group to log in using a captive web portal. (Only available if a captive web portal is enabled for this SSID.)
    • Generate Password Using: Select any combination of characters that you want to include in the password (Letters, Numbers, and Special Characters).
    • You can then enforce password complexity by choosing All selected character types, Any selected character types, or Only one character type from the drop-down list.
    • For PSK Generation Method, choose Password Only or User String Password. The User String Password option lets you include the user name and a string of characters in front of the generated Private PSKs.
    • Enter the length of automatically-generated passwords for this user group.
    • If the password generation method is Password Only, then the PPSK password can be between eight and 63 characters. If the generation method is User + String + Password, then the maximum passphrase for the Private PSK can be between eight and 31 characters.
    • The Concatenating String field displays if you selected User String Password above. This string is used to generate PPSKs as User name + Character String + Password. For example, if you enter Extreme, as the string, then the generated PPSKs are <User name>Extreme<Password>.
  2. Configure Expiration Settings as follows:
    • Select Require Authentication After to enforce re-authentication after a session has been inactive for a period of time.
    • For Account Expiration, select an option from the drop-down list and complete any fields that ExtremeCloud IQ displays based on your selection. These fields describe the time frame during which the account is valid.
    • Action at Expiration: (Not available for accounts that are set to never expire.)
      • Select Access Rejected to have ExtremeCloud IQ block users from renewing their credentials.
      • Select Show Expiration Message to have ExtremeCloud IQ send users an on-screen prompt that they can use to renew their credentials.
  3. Configure a delivery method as follows:
    • For Deliver Access Key by, select the notification delivery method for members of this user group. You can select Text Messages (SMS), or Email, or both.
    • Select Add Users to see the Add new users to this User Group section. The table includes the number of users assigned to this user group, showing their name, user name, and organization.
  4. Select Add User to add a single user to this user group or Bulk Create to add multiple users at the same time.
    For more information, see Add Users to a User Group.
  5. Select SAVE.

What to do next

If this is part of creating a network policy, return to complete that configuration.