Groups

Cusna Groups simplifies operations and brings benefits when dealing with users who are members of a team (for example, companies operating in a multi-tenant office building, or team members working in a flex space).

If your account doesn't have Groups enabled, go to Setup, General and enable Groups.

Once enabled, you can disable Groups only if you don't have any Groups in your account.

Traffic isolation

To simplify collaboration among team members, Cusna can assign all Group members to the same virtual network, so that their devices can exchange traffic securely while remaining virtually separated from the traffic of other groups or individuals. To achieve traffic isolation for Groups, Cusna relies on VLANs or other techniques offered by the specific WiFi vendor.

Shared vs Individual PSKs

Whenever supported by the WiFi network vendor, Cusna aims to provide each Group member with a personal PSK. The advantage of this approach is that you can remove one individual group member without affecting the service of the remaining members. Imagine the case of a company in a multi-tenant office building. If all employees share the same PPSK, when an employee leaves the company you would need to change the PPSK for everybody if you want to block access for former employees.

For some WiFi vendors (see compatibility table), Cusna instead assigns each group member the same PSK, defined on the group they belong to. However, each member still has an individual account on Cusna to simplify SSO integration with Cloud Identity Providers.

You can check if your account is set to use Shared PSKs or Individual PSKs for Groups in the Group setup section, in the General settings page. This setting might not be editable depending on the WiFi vendor you are using.
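The offboarding trade-off between Individual and Shared PSKs described above, as an added Python example that is not Cusna code and does not use a Cusna API. The `Group` class, its methods and the member names are hypothetical, and the sample group is constructed.

```python
import secrets
import string

ALPHABET = string.ascii_letters + string.digits


def new_passphrase(length=20):
    """Random passphrase (WPA2 passphrases are 8 to 63 printable ASCII characters)."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


class Group:
    """Hypothetical model of a Group; not Cusna's data model or API."""

    def __init__(self, members, shared_psk):
        self.shared_psk = shared_psk
        group_key = new_passphrase()
        # Shared mode: every member maps to the same key. Individual mode: one key each.
        self.psk = {m: group_key if shared_psk else new_passphrase() for m in members}

    def accepts(self, passphrase):
        """True if the network still accepts this passphrase."""
        return passphrase in self.psk.values()

    def offboard(self, member, rotate=True):
        """Remove a member; return (members who must re-enter a key, leaver's key still valid)."""
        old_key = self.psk.pop(member)
        reprovision = set()
        if self.shared_psk and rotate:
            # The leaver knows the group key, so it must change for everyone who stays.
            new_key = new_passphrase()
            self.psk = {m: new_key for m in self.psk}
            reprovision = set(self.psk)
        return reprovision, self.accepts(old_key)


def offboarding_impact(members, leaver):
    """Compare the three cases for one departing member."""
    return {
        "individual": Group(members, shared_psk=False).offboard(leaver),
        "shared_rotated": Group(members, shared_psk=True).offboard(leaver),
        "shared_not_rotated": Group(members, shared_psk=True).offboard(leaver, rotate=False),
    }


if __name__ == "__main__":
    # Constructed sample group
    for case, result in offboarding_impact(["alice", "bob", "carol"], "bob").items():
        print(case, result)
```

With Individual PSKs nobody else is touched and the leaver's key stops working; with a Shared PSK either every remaining member re-enters a new passphrase, or the leaver's copy of the key keeps working.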

Bulk operations

Groups also simplify bulk operations on group members:

  • deleting a Group automatically deletes all accounts that belong to that group

  • when using VLANs, updating the Group VLAN automatically updates the VLAN of every member

  • if you set up a Group Start Date, all member accounts will be activated automatically only on that date

  • if you set up a Group End Date, all member accounts of the group will be automatically terminated on that date

Automatically created Groups

Some integrations create Groups automatically. For example, when a user authenticating via an external SSO belongs to a team/company, Cusna automatically creates a matching Group.

Each Cloud Identity integration has an option to enable or disable auto-VLAN management for users and Groups created via the integration.

Global Groups

In some cases, Groups are created without being associated with a specific Location. This happens when Groups are created automatically as part of a self-onboarding flow integrated with an external Identity Provider and Roaming is also enabled. The Group, for example, may relate to a team whose members need to be able to access the network in different locations. In this case, the Group is not assigned to a specific location.

Managing Groups manually

Creating Groups

When you create a group, you have to enter the following inputs:

  • Location: Groups are valid at the Location level

  • Reference name

  • VLAN (optional): if you choose to set the VLAN manually, a dropdown menu shows the list of VLANs not already in use by other accounts in the same Location (or in the entire Organization if you are working with Roaming mode active). If you select Auto, the VLAN will be assigned to the group automatically.

  • Domain: the domain is used in certain integrations to match the domain of self-onboarding members with the Group domain

  • Start Date (optional): if specified, all accounts will be automatically activated only on the specified date

  • Stop Date (optional): if specified, all accounts will be automatically terminated on this date

If your account is configured to use a Shared PSK for all Group members, you can set the Group Passphrase in the setup screen, choosing between:

  • auto: the passphrase is generated automatically and will be visible in the Group settings once the group is created

  • manually: you can manually enter a passphrase and verify its validity before creating the group

Editing Groups

If you edit a Group VLAN, all accounts will be updated accordingly.

If you edit a Group Termination Date, all member accounts of the group will be updated accordingly.

Deleting Groups

If you delete a Group, all member accounts of the group will be deleted automatically.