The best way to deny users from Active Directory is to use ACLs ( Access control list)
- Under Your proxy section, choose Complete ACLs link.
Your proxy: Complete acl
- Click on New rule, give a name of your rule
- Click on the freshed created rule
- Check the “Deny access” option and click on Apply
- Select the tab Items
- Click on New Proxy object
- In the drop-down list, choose Dynamic Active Directory Group.
- Click on the Browse… button
ACL – Select AD object
- Browse Your Active Directory and choose your desired group.
- Click on Select this group on the table.
ACL – Browse Active Directory
- Click on Add button in order to add this group in your rule.
- Click again on New Proxy object.
- In the dropdown list, choose all and name your group.
- Click on Add button
- These 2 groups means that proxy deny the selected group and “nothing else” that’s why the group All must be added.
- Without this second group, deny users will receive a login popup.
- Click on Apply in order to make rule in production mode.
