The IAG obtains domain users from the AD server in real time. The organization structure of domain users on the IAG is the same as on the AD server. Before obtaining the organization structure on the AD server, choose Access Mgt > Authentication > Web Authentication > Authentication Server and add an AD server.

If the IAG works with the AD server for authentication, including AD SSO and AD third-party authentication, you can view domain users, organization structure, and associated Internet Access Policy.

In Access Mgt > User Management > Local Users, select Domain Users to view information about obtained AD domain users and user groups. The Member and Policy panel displays user group information, including the type and path.

You can view details about each user group and user on the Members tab page. Domain users differ from local users because domain users cannot be edited, moved, or deleted on the IAG.

You can view the Internet access policies associated with AD users and user groups on the Policies tab page, as shown in the following figure.

The Internet access policies are displayed on the Policies tab page. Network access policies are matched in sequence. To change the sequence, click Up or Down.

In the Policies, you can view only the name of Internet access policies, and you need to click a policy to view the details. The policy result set provides an easier way for the administrator to view details about Internet access policies referenced by users and user groups. Click View Resultant Set to integrate the policies referenced by a group and list the detailed settings on the Policies tab page.