Request Demo
Features Use Cases About Documentation Contact Request Demo

Users & Groups Overview

Understanding how network users and groups work in Warden

How It Works

Warden manages two types of users: portal administrators (people who log into this web interface) and network users (people who authenticate through your network devices via RADIUS or LDAP).

This section focuses on network users - the folks connecting to your WiFi, VPN, or logging into switches. These are the users your identity providers authenticate.

Good to know: Network users can come from external identity providers (Active Directory, Google Workspace, etc.) or you can create them locally in Warden. Local users are perfect for contractors, guests, or testing.

The Big Picture

User
Group
Policy
Access

Users belong to groups. Groups are referenced in policies. Policies determine what happens when a user authenticates - which VLAN they get, what attributes are returned, and whether they're allowed at all.

Users

Each user in Warden has a username, belongs to one or more groups, and may have additional attributes like an email, phone number, or custom RADIUS attributes.

User Sources

External Identity Providers

Users from Active Directory, LDAP, Google Workspace, or Azure AD are authenticated against those systems. Warden queries the provider to verify credentials - it never stores external passwords.

Local Users

Create users directly in Warden when you don't have an external directory or need one-off accounts. Local user passwords are securely hashed and stored in Warden's database.

Groups

Groups are how you organize users and apply consistent settings. Think of them as containers that define:

  • Who belongs - Users are assigned to groups manually or via sync rules
  • Password policies - Minimum length, complexity requirements, expiration
  • RADIUS attributes - VLAN assignments, bandwidth limits, session timeouts
  • Access schedules - Time-of-day restrictions

Planning tip: Before creating groups, think about how you'll use them in policies. Common patterns include grouping by department (IT, Finance), by role (Admin, Standard User), or by network access level (Full Access, Guest).

Common Scenarios

Department-Based Access

Create groups for each department (Engineering, Sales, HR). Assign different VLANs to each group so users automatically land on the right network segment when they connect.

Contractor Access

Create a "Contractors" group with local users. Set password expiration to match contract end dates. Use time-based restrictions to limit access to business hours.

Guest WiFi

Create a "Guests" group with limited bandwidth via RADIUS attributes. Set short session timeouts so guests need to re-authenticate periodically.

What's Next?

Back to Help Overview