Configure Active Directory Lookups for User Groups

User group information is usually provided to Secure Web Gateway (SWG) by Skyhigh Client Proxy (SCP), which retrieves this information from the operating system. This information is required to enable the appropriate web policy for a user group when you are running SWG.

When the device you are using to work with SWG has not been connected to your corporate network for some time, user group information is lost to SCP. It can still be retrieved through a user group lookup on a synchronized Active Directory (AD) server based on your user name.

For this lookup, you must have been authenticated by SCP before. You must also have Skyhigh Cloud Connector installed and attributes configured for it, see Cloud Connector Config Custom Attributes.

1. On the user interface for Secure Web Gateway, place your mouse pointer over the settings icon in the top right corner, then select Infrastructure > Web Gateway Setup from the drop-down menus.

2. Select Infrastructure > Web Gateway Setup.

3. Next to Set Up Active Directory Group Resolution click Edit. 

4. On the page that appears, make sure memberOf is selected in the attribute field, then select Enable AD Group Resolution. 

You have now configured an AD lookup of user groups that is performed when SCP cannot provide user group information.