Here in this article we will learn group membership working methodology when user authenticate with the firewall.
Before going through this article, please look into this article and understand how to imports the groups from active directory
Issue: Once the user authenticates with user portal, user is falling under open group instead of his own group under active directory.
First verify users settings in active directory
From Active Directory, go to Start > Administrative Tools > Active Directory Users and Computers > Users. Right-click the required user, select Properties and go to the Member Of tab.
Here in these settings we will be able to understand users primary group and all the other groups.
By default active directory will not send user information of primary group (in the above screenshot it is domain users) to the sophos XG firewall. Once successfully authenticated, the user is imported in Sophos Firewall and mapped to the first group in the list, which is Group A.
Go to Authentication > Users and verify the group of the user.
In case if sophos XG firewall admin did not import the Group A to the firewall, then the user will fall under open group because the group A is not present on the firewall.
Hope this article helps you.