13.3. Assigning Policies to Users

When a user logs in to the Connection Broker, the Connection Broker searches the authentication servers you defined on the Setup > Authentication Servers page for a user that matches the credentials provided by the user.

The Connection Broker then looks on the Configuration > Assignments page for the assignment rules associated with the user’s authentication server. For example, if the Connection Broker authenticated the user in the VDI.VZ domain defined on the Setup > Authentication Servers page, the Connection Broker would look in the VDI.VZ assignment rules.

To assign policies to users in a particular authentication server, click the Edit link associated with that authentication server on the Configuration > Assignments tab. The Edit Assignment form for this authentication server appears, for example as shown in the following figure.

[Figure: Edit Assignment form for an authentication server]

By default, the Connection Broker matches the selection in the Group drop-down menu to the user’s memberOf attribute in Active Directory.

Note

If you modified your groups in Active Directory after you last signed into your Connection Broker, you must sign out and sign back in to have your Connection Broker reflect the authentication server changes.

To assign policies based on the user’s memberOf attribute:

  1. Select the group from the Group drop-down menu.

  2. If you are using locations, select a location from the Client Location drop-down menu.

  3. Assign a role to this group and client location pair by selecting an item from the User Role drop-down menu.

    In Leostream, roles are permissions that control the actions an end user can take on their desktop and the level of access the user has to the Connection Broker Administrator Web interface. A location is a group of clients defined by attributes such as manufacturer, device type, OS version, IP address, etc. For more information on building roles and locations, see Chapters 10 and 13 in the Connection Broker Administrator’s Guide.

  4. Assign a policy to this group and client location pair by selecting an item from the User Policy drop-down menu.

    Leostream supports several multi-factor authentication systems. If you require MFA, visit the Support Documents tab on the Leostream Documentation page for more information.

If you edit the Default policy, you can leave your Assignments table at its default values and proceed with the example.
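
The group and client-location matching described above can be modeled to review which role and policy a user would receive, and to spot rows that can never apply. The following Python model is an added illustration, not Leostream code and not part of the original guide. It assumes rows are evaluated top to bottom with the first match winning, and all group, location, role and policy names in the sample are constructed.

```python
"""Model of an assignment-table lookup for auditing which role and policy a user gets.
Assumed, not taken from the page: rows are checked top to bottom and the first
match wins; ANY_LOCATION and a None group are hypothetical wildcards."""
from typing import NamedTuple, Optional

ANY_LOCATION = "All"  # hypothetical wildcard location name

class Rule(NamedTuple):
    group_dn: Optional[str]  # value compared with memberOf; None matches any group
    location: str
    role: str
    policy: str

def _key(dn):
    # Active Directory compares distinguished names case-insensitively
    return dn.strip().casefold()

def _covers(earlier, later_group, later_location):
    # True when `earlier` matches everything described by (later_group, later_location)
    group_ok = earlier.group_dn is None or (
        later_group is not None and _key(earlier.group_dn) == later_group)
    location_ok = earlier.location in (ANY_LOCATION, later_location)
    return group_ok and location_ok

def resolve(member_of, client_location, rules):
    """Return (row index, rule) for the first matching row, or None if no row matches."""
    groups = {_key(dn) for dn in member_of}
    for index, rule in enumerate(rules):
        if any(_covers(rule, g, client_location) for g in groups or {None}):
            return index, rule
    return None

def shadowed(rules):
    """Indexes of rows that can never be selected because an earlier row covers them."""
    hits = []
    for index, rule in enumerate(rules):
        group = None if rule.group_dn is None else _key(rule.group_dn)
        if any(_covers(e, group, rule.location) for e in rules[:index]):
            hits.append(index)
    return hits

# Constructed sample rows for the VDI.VZ domain; every name below is invented.
G = "OU=Groups,DC=vdi,DC=vz"
SAMPLE_RULES = [
    Rule(f"CN=VDI Admins,{G}", ANY_LOCATION, "Administrator", "Default"),
    Rule(f"CN=VDI Users,{G}", "Office", "User", "Office Desktops"),
    Rule(f"CN=VDI Users,{G}", ANY_LOCATION, "User", "Default"),
    Rule(f"CN=VDI Users,{G}", "Remote", "User", "Remote Desktops"),  # never reached
]
```

In the sample, a user in both groups receives the Administrator role from the first row, and the Remote row is reported as shadowed because the broader row above it always matches first under the assumed ordering.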