Adding managed clients

Administrator Help | TRITON AP-WEB and Web Filter & Security | Version 8.3.x

Managed clients are the users and computers assigned to a role, whose policies are set by the role's administrators. Directory clients (users, groups, and domains [OUs]), computers (individual IPv4 or v6 addresses), and networks (IPv4 or v6 address ranges) can all be defined as managed clients.

Super Administrators can use the Delegated Administration > Edit Role > Add Managed Clients page to add as many clients to a role as needed. Each client can be assigned to only one policy management and reporting role.

If you assign a network range as managed client in one role, you cannot assign individual IP addresses within that range to any other role. Additionally, you cannot specifically assign a user, group, or domain (OU) to 2 different roles. However, you can assign a user to one role, and then assign to a different role a group or domain (OU) of which the user is a member.


	Note If a group is a managed client in one role, and that role's administrator applies a policy to each member of the group, individual users in that group cannot later be assigned to another role.

When adding managed clients, consider which client types to include.

If you add IP addresses to a role, administrators for that role can report on all activity for the specified machines, regardless of who is logged on.

If you add users to a role, administrators can report on all activity for those users, regardless of the machine where the activity occurred.

Administrators are not automatically included as managed clients in the roles they administer, since that would enable them to set their own policy. To allow administrators to view their own Internet usage, enable self-reporting (see Self-reporting).

If your organization has deployed multiple Policy Servers, and the Policy Servers communicate with different directories, be sure to select the Policy Server connected to the directory containing the clients you want to add.


	Note Best practices indicate that all directory clients in the same role be defined in the same directory.

Select clients for the role:

Under Directory, mark the check box for one or more users.

If your environment uses Active Directory (Native Mode) or another LDAP-based directory service, you can search the directory to find specific user, group, or domain (OU) names. See Searching the directory service from the TRITON Manager.

Under Computer, enter the IP address to be added to this role in IPv4 or IPv6 format.

Under Network, enter the first and last IP addresses in a range in IPv4 or IPv6 format.

Click the right arrow (>) button adjacent to the client type to move the clients to the Selected list.

When you are finished making changes, click OK to return to the Edit Role page.

Click OK on the Edit Role page to cache your changes. Changes are not implemented until you click Save and Deploy.


	Important Delegated administrators with permission to Report on managed clients only, and assigned to multiple roles, will be able to view cloud application data only for their managed clients.