Sophos UTM optional settings

Some vendors support returning group information in the RADIUS response using vendor specific attributes. The following procedure describes how to use vendor specific attributes to return group information in a RADIUS response.

To configure the app to send RADIUS group information in vendor-specific attributes, complete the following steps:

  1. In the Admin Console, go to ApplicationsApplications.

  2. Find the application using the Search field and then click its name in the search results.
  3. Select the Sign on tab.
  4. Scroll to the Advanced RADIUS Settings section and then click Edit.
  5. In the Groups Response section, complete the following options:
    1. Select Include groups in RADIUS response.
    2. In the RADIUS attribute subsection, select 26-Vendor specific.
    3. In the Vendor Specific ID field, enter the numeric vendor ID code for your product:
      • Cisco ASA-Group-Policy: 3076
      • Citrix Group-Names: 3845
      • Fortinet Group-Name: 12356
      • Palo Alto User-Group: 25461

      If your vendor-specific ID doesn't appear here, search for it in the documentation for your product.

    4. In the Attribute ID field, enter the numeric attribute ID for your product:
      • Cisco ASA-Group-Policy: 25
      • Citrix Group-Names: 16
      • Fortinet Group-Name: 1
      • Palo Alto User-Group: 5

      If your attribute ID doesn't appear here, search for the group policy attribute in the documentation for your product.

  6. Click Save.

The maximum length of the group membership value is 247 bytes. If the group name length exceeds this limit, it's truncated and partial values are returned. Configure the response as a set of repeated attributes instead of using a single delimited list.