Delegate on-boarding/off-boarding tasks (user creation and removal)
-
Hello!
I'm using PFsense, and would like to delegate the creation/removal of non-privileged users to a different team. However, to the extent that is possible, I'd like to remove any other privileges to this team.
They should simply be able to:
-
create new users (limited privileges + cert)
-
Remove users (ideally, just non-privileged users)
-
Update the password of non-privileged users (i.e., "password reset")
-
Export the corresponding OpenVPN profile
In other words, I'd like to be able to delegate some usual IT functions to a specific group, without giving them the privileges to mess around with the whole pfsense installation.
Thoughts?
Thanks!
Regards,
Fernando -
-
You probably want to use an external authentication server for that.
https://docs.netgate.com/pfsense/en/latest/usermanager/authentication-servers.html
Steve
-
Thoughts?
-
MS AD Server or VM with LDAP & Radius role
-
LDAP Server & Radius Server based on Linux or BSD
-
MikroTik RouterOS with user manager (RB1100AHx4 (ARM))
-
pfSense with captive portal and the only have allowed to enter the CP menue for managing.
-