Automatically assigning agents to agent groups

Agents can be automatically assigned to an agent group based on the Active Directory groups or organizational units to which they belong.

If you are using this feature, an agent will automatically be assigned to an agent group based on the Active Directory criteria on the agent when the workstation starts up:

  • If the agent’s Active Directory group or organizational unit changes later, the agent will be moved to the corresponding agent group after the workstation is restarted,

  • If only assignment rules have been changed and deployed from the administration console, the agent will automatically be moved to the corresponding group without restarting the workstation.

To automatically assign agents, you must create assignment rules based either on Active Directory groups or organizational units. Verifications will be based on the Active Directory criteria of the host, not of the connected user.

If you want agents to continue being in an agent group regardless of their Active Directory criteria, you can pin them manually to this group.

The Agent groups - Modify privilege is required to create assignment rules.

  1. Select All agents in the Environment > Agents menu, then the Assignment rules tab.
  2. Click on Edit at the top right.
  3. Click on Add rule based on AD group or Add rule based on OU.
    A new row appears.
  4. Enter a Description that would make it easy to recognize this rule.
  5. Click on and select the desired group or OU in the window that appears.
    You can also manually enter the group or organizational unit using LDAP syntax, e.g., OU=Paris,DC=Grey,DC=local.
  6. In the Assign to agent group list, select the agent group to which the workstations of this group or OU will belong.
  7. Create other rules if necessary.
  8. Change the order of rules by scrolling over them to show the arrows on the left. If there are several rules that match an agent’s AD criteria, the agent will be assigned to the agent group in the first matching rule.
  9. Click on Save.
    The icon of the agent group in the left panel becomes , showing that at least one Active Directory assignment rule affects the group.
    In the Agents tab of the agent groups concerned, the names of the assignment rules appear as links that provide direct access to the rules.

  10. Select the Security > Deployment menu, and click on Deploy.
    An agent will be assigned to its group based on its AD create once the agent has retrieved the new configuration and sent back its AD criteria to the agent handler. The workstation may need to be restarted if the changes were made on the Active Directive controller during the user’s session.

Manually pin agents to an agent group if you want them to keep their group regardless of their Active Directory criteria.

  1. In the list of agents, select the agents that you want to pin.

  2. Click on Pin or unpin agents > Pin to group.
    The icon appears in the Pinned column. The agent will continue to belong to this agent group no matter what, even if its Active Directory criteria change. It can only change groups if you move the agent manually or unpin it from the group.

  3. Select the Security > Deployment menu, and click on Deploy.

Unpin an agent from an agent group if you want it to be assigned automatically to an agent group again based on its Active Directory criteria.

  1. In the list of agents, select the agents that you want to unpin from the group.

  2. Click on Pin or unpin agents > Unpin from group.
    The icon disappears from the Pinned column. The agent can now automatically change groups if an Active Directory assignment rule affects it.

  3. Select the Security > Deployment menu, and click on Deploy.