User Group Definition Tab
The User Group Definition tab is under User Management > User Accounts. User Groups can be created, edited, and deleted under this tab. User Group features are addressed in this section.
Password TTL (Days): Defines the maximum time allowed for the use of passwords for users in the configured user group. When a user's password reaches its TTL, they are forced to change it the next time they log in. Setting this feature as -1 means that the password of the users in this group will never expire. If this value is set to 0 (zero) or left empty, the user group, and consequently the users, will be ignored during the password expiration control.
Autonomous Group: This checkbox defines the autonomous users’ group (e.g., script users). This group’s users may be excluded from RADIUS logs in order to avoid creating a log flood. These users’ passwords never expire.
Direct Access: When Kron PAM is configured as a AAA or TACACS+ server for devices with AAA with TACACS+ protocol, the Direct Access checkbox needs to be checked. All connections should go through Kron PAM.
Console Access: Similar to the Direct Access permission, this checkbox gives the AAA and TACACS+ devices console access.
Admin Group: This checkbox gives admin rights to all users belonging to that user group.
Approval Required: This checkbox sets a managerial approval requirement for SSH/RDP/SFTP connections for all users belonging to the group. The Group Manager needs to approve the SSH/RDP/SFTP connections of other users.