Before you can select domain users, groups, and devices in a cloud-managed Firebox configuration, you must add them to the authentication domain.
There are two ways to add users and groups to an authentication domain:
- Sync users, groups, and devices from an external user database
- Add local users and groups
If you change the configured users and groups for an authentication domain, it could affect devices or services that use the authentication domain.
You cannot manually add local devices to an authentication domain in WatchGuard Cloud.
Sync Users, Groups, and Devices from an External User Database
To sync users, groups, and devices from Active Directory or an LDAP database to your WatchGuard Cloud authentication domain, you must enable and configure directory synchronization. When you configure directory sync, WatchGuard Cloud connects to your external user database and all of your users, groups, and devices are added to your authentication domain at one time.
To use the directory sync feature for Active Directory or an LDAP database, WatchGuard Endpoint Security or the WatchGuard endpoint agent must be installed on your corporate network in a location that has Internet access and that can connect to your LDAP server. The agent enables communication between WatchGuard Cloud and your Active Directory or LDAP database. You specify the computer to use to sync objects from your authentication domain to WatchGuard Cloud when you configure directory sync.
To learn how to sync users and groups, see Sync Users, Groups, and Devices from Active Directory or LDAP.
Add Local Users and Groups
You can add local users and groups to your authentication domain in WatchGuard Cloud. Because you can create only one user at a time, you most commonly do this when you want to create test users or to add only a small number of users.
To learn how to add local users and groups, see Add Local Users to an Authentication Domain and Add Local Groups to an Authentication Domain.