Solved!

1 Rookie

May 6th, 2025 04:20

About SCG

1. Is it an SCG product limitation to only create 1 local admin account?
  • Can we create a 2nd admin account?

2. If (1) it is not allowed to create another local admin account, and the alternative is to create an LDAP admin account, then is there role-based access control to limit the account to only perform certain tasks (like changing password only, read-only access, etc.)?

Moderator

May 6th, 2025 13:21

Hi,



1. Local Admin Account Limitations

  • Yes, Dell SCG typically restricts creation to a single local admin account by default for security reasons.
  • Creating a second local admin account is usually not supported in standard configurations.

2. Alternative: LDAP/Active Directory Integration

  • Yes, Dell SCG supports LDAP/AD integration for additional admin accounts.
  • You can create multiple admin accounts via LDAP instead of local accounts.

3. Role-Based Access Control (RBAC)

  • Yes, Dell SCG supports RBAC for LDAP accounts, allowing granular permissions such as:
    • Read-only access (view logs, reports, but no changes)
    • Limited admin (e.g., password resets, basic troubleshooting)
    • Full admin (complete control)
  • Local admin accounts typically have full privileges and cannot be restricted via RBAC.

Recommendation:

  • Use LDAP for multiple admins with RBAC instead of local accounts.
  • Check Dell SCG documentation for exact RBAC configuration steps (varies by firmware version).

Setting Up LDAP/RBAC in Dell SecureConnect Gateway (SCG)

Step 1: Configure LDAP/Active Directory Integration

  1. Log in to Dell SCG as the local admin.
  2. Navigate to:
    • Settings → Authentication → LDAP/AD Configuration
  3. Enter LDAP/AD details:
    • Server IP/Hostname (LDAP/AD server)
    • Base DN (e.g., DC=example,DC=com)
    • Bind DN & Password (service account for LDAP queries)
    • User/Group Search Filter (e.g., (memberOf=CN=SCG-Admins,OU=Groups,DC=example,DC=com))
  4. Test & Save the connection.

Step 2: Define Role-Based Access (RBAC)

  1. Go to:
    • Settings → User Roles (or Access Control)
  2. Create custom roles (e.g., "Helpdesk-ReadOnly," "Password-Admin"):
    • Read-Only Role: Enable only "View Logs," "View Reports."
    • Limited Admin Role: Enable "Password Reset," "Basic Troubleshooting."
    • Full Admin Role: Keep default (all permissions).
  3. Map LDAP Groups to Roles:
    • Assign LDAP groups (e.g., SCG-Helpdesk) to the "Helpdesk-ReadOnly" role.

Step 3: Verify & Test

  1. Log out and try logging in with an LDAP account.
  2. Confirm the user only sees permitted functions (e.g., no "Delete" options for read-only).

Troubleshooting Tips

  • If LDAP fails, check:
    • Firewall rules (SCG needs access to LDAP/AD ports: 389/636).
    • Time sync (Kerberos requires time synchronization with AD).
  • For granular permissions, review Dell SCG Admin Guide for your firmware version.
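
The group-to-role mapping described in Step 2 can be checked against directory membership before it is enabled. The script below is an added example, not part of the original reply and not Dell code. It audits which accounts each mapped group would reach and flags accounts that sit in more than one mapped group. The user entries and the SCG-PwdOps group are constructed, and how SCG itself treats overlapping memberships is not stated in the thread.

```python
# Added example: audit which directory accounts a planned group-to-role mapping reaches.
# All data is constructed; role and group names follow the examples in the reply,
# except SCG-PwdOps, which is a hypothetical group.

BASE = "OU=Groups,DC=example,DC=com"

# Planned mapping for Step 2 (assumption: one role per LDAP group).
GROUP_ROLES = {
    f"CN=SCG-Admins,{BASE}": "Full Admin",
    f"CN=SCG-Helpdesk,{BASE}": "Helpdesk-ReadOnly",
    f"CN=SCG-PwdOps,{BASE}": "Password-Admin",
}

# Constructed sample export: account name -> memberOf values.
USERS = {
    "alice": ["cn=scg-admins, ou=Groups, dc=example, dc=com"],
    "bob": ["CN=SCG-Helpdesk,OU=Groups,DC=example,DC=com"],
    "carol": ["CN=SCG-Helpdesk,OU=Groups,DC=example,DC=com",
              "CN=SCG-Admins,OU=Groups,DC=example,DC=com"],
    "dave": ["CN=Domain Users,CN=Users,DC=example,DC=com"],
}


def norm_dn(dn):
    """Normalize a DN for comparison: case-insensitive, no padding around RDNs.
    Simplified: does not handle escaped commas inside attribute values."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def audit(users, group_roles):
    """Return (roles reachable per user, users in more than one mapped group)."""
    roles_by_group = {norm_dn(g): r for g, r in group_roles.items()}
    assigned, review = {}, []
    for user, groups in sorted(users.items()):
        roles = sorted({roles_by_group[norm_dn(g)] for g in groups
                        if norm_dn(g) in roles_by_group})
        assigned[user] = roles          # empty list means no mapped role
        if len(roles) > 1:
            review.append(user)         # overlapping memberships need a decision
    return assigned, review


if __name__ == "__main__":
    assigned, review = audit(USERS, GROUP_ROLES)
    for user, roles in assigned.items():
        print(f"{user:6} {', '.join(roles) or '(no SCG role)'}")
    print("review overlapping memberships:", review)
```
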
