Directory Groups

AppsAnywhere uses an LDAP connection to be able to READ the AD Group Memberships for the user logging in. These AD groups can then be ‘provisioned’ the applications you require.

We recommend that the following groups should be created in your directory to allow access and application provisioning in AppsAnywhere and for you to be able to grant Admin rights to System and Packaging admins. Other Directory groups can also be imported if required.

AppsAnywhere All Users Group

Group name:

AA_All_Users

Usage:

The directory group used to grant end-users access to AppsAnywhere.

Membership:

We recommend nesting your all staff / student groups into this group.

AppsAnywhere Apps Admins Group

Group name:

AA_AppAdmins

Usage:

The directory group used to grant admin access to AppsAnywhere for your packaging and app deployment team.

Membership:

We recommend adding your project team user accounts to this group.

AppsAnywhere Sys Admins Group

Group name:

AA_SysAdmins

Usage:

The directory group used to grant access to AppsAnywhere system administration. Includes all app admin permissions.

Membership:

We recommend adding your admin user accounts to this group.

Directory Users

Please create the following user/service accounts and directory groups that are required for use with AppsAnywhere.

Please note: all service accounts should be created with the password set to never expire.

Support

Username:

appsanywhere

Usage:

  • A domain account used by AppsAnywhere support for remote access, installation, upgrades and support.

  • Used to login to your AppsAnywhere Portal for support and testing

Permissions Required:

  • Permission to connect to your VPN.

  • Local Administrator rights and RDP access to the Windows Servers*

Password Policy:

  • Reset as per your normal security protocols.

  • Account can later be disabled when not in use, if preferred.

AppsAnywhere

AppsAnywhere Secure Downloads

Username:

appsanywhere_downloads

Usage:

  • A domain account for to enable a SMB mount from the AppsAnywhere appliances to the SecureDownloads share.

Permissions Required:

Read access to the SecureDownloads directory*

Password Policy:

Password should be set to never expire.

AppsAnywhere LDAPS account

Username:

appsanywhere_ldaps

Usage:

  • A domain account for LDAPS queries from AppsAnywhere to your directory.

  • SPN records are required for this account

Permissions Required:

Read permissions for all domain users, computers and groups so they can be used within AppsAnywhere for access and authentication.

Password Policy:

  • Password should be set to never expire.

  • MSA is not supported.

  • Must not contain any special characters (£$%^*@ etc.)

Cloudpaging

Cloudpaging Service Account

Username:

cloudpaging_svc

Usage:

A domain account for running Cloudpaging services on Windows servers.

Permissions Required:

Modify permissions for your Cloudpaging Repository*

Rights to access that repository as a network file share*

Password Policy:

Password should be set to never expire.

MSA is supported if preferred.

*Denotes permissions that cannot be granted at the time of account creation and will therefore need to be granted later in the setup process.