Multiple User-Destination Pairings

Creating policy rules that map many users to destinations, such as pairing users with their personal workstations, is time-consuming and difficult to manage. Administrators can now create identity objects for Okta, Azure, and Axis IdP that contain multiple pairs of users and domains or IP addresses they would like to allow them to access. The admin is able to add an identity object with all the user-destination pairings to one policy rule, and each user/group will be able to access only the destinations they were matched to.

Step 1: Create an Identity Object

Follow the instructions here to create an identity object.

Step 2: Add Multiple User-Destination Pairs

  1. In the New Identity dialog add a name for the identity object.
  2. Add a description (optional).

Users and Groups

  1. Click the toggle next to Pair users or groups with specific destination addresses.
1304
  1. Add users/groups and their destinations. Click Add a User/ Group to add more pairs.
1314

Importing User-Destination Pairings from a CSV

You can create a CSV file with the user-destination pairings and import it into the identity object form.

📘

Notes

  • These will override any existing pairings.
  • You can add up to 2,000 entries for each CSV file.

To import a CSV file with user-destination pairing:

Step 1: Download and modify CSV file

  1. In the New Identity Object dialog click Import.
1310

The Import Identities and Addresses via CSV dialog appears.

1042
  1. Click Download CSV Template.
  2. Open the downloaded CSV file.
  3. Delete the explanation and example rows as shown in the following screenshot:
3350
  1. Enter the information as shown in the following table.

📘

Note

Headers marked with an asterisk (*) are required for importing the data.

FieldDescriptionExample
Identity Type*Enter the identity type: user or groupUser
Identity Name*Enter the name given to the user or groupbobjones
Destination Address*Enter an IP or domain address10.1.1.1

Step 2: Upload the CSV file to Axis Security

To upload the CSV file:

  1. In the New Identity Object dialog click Import.
1310

The Import Identities and Addresses via CSV dialog appears.

1042
  1. Click Upload CSV File and attach the modified CSV file.

Step 3: Finalize import

  1. Click Submit.
  2. Click Apply changes-> Commit changes.

Troubleshooting User-Destination Pairing Import

The following table describes errors in pairing imports and how to manage them.

ErrorSolution
Missing information- Type field can’t be emptyMake sure the Type field is populated for all user-destination pairings
Identity type “” is invalidMake sure to enter either "user" or "group"
Missing information - Identity Name field can't be emptyMake sure the Identity Name field is populated for all user-destination pairings
The user “” does not exist in the IdPMake sure the spelling is correct
The group “” does not exist in the IdPMake sure the spelling is correct
Missing information - Destination Address field can't be 
emptyMake sure the Destination Address field is populated for all user-destination pairings
Destination Address “” is invalidMake sure the field includes a valid domain or IP address