Groups

Groups are used to define roles for specific sets of users in Kasm Workspaces. By default there are two groups created by the system, the Administrators group and the All Users group, the All Users group is the default group for every user where statewide settings can be set.

Groups can be used to specify Kasm images and settings for different sets of users. For example, you may have a custom image for developers with pre-installed developer tools. You can tie that image to a group. You can define settings for that group, such as enabling bi-directional clipboard.

Create Group

Steps to create individual groups for sections of users.

  • Select Groups tab from navigation menu

  • Select Create New Group from the top right of the table

  • Specify Group properties listed below

Group Properties

Name

Provides the name of the group

Description

Provides the description of the group

Priority

Sets the priority of the settings over other groups

Is System

System level group that cannot be deleted

There are cards in the view group page that allow for the selection of its users

../_images/group_users.jpg

Group Settings

Group settings may be changed for the specific group by selecting the groups tab, clicking the edit icon on the desired group and the Add Settings button in the Group Settings card. There are delete setting and edit setting icons to the right of the Setting. If a user belongs to mulitple groups, the setting on the group with the lowest priority takes effect. For settings like volume_mapping, all settings are combined from all groups a user is a member of.

To configure group settings:

  • Log into the UI as an administrator.

  • Select Groups

  • Next to the desired group select View from the actions menu.

../_images/view_group.png

  • Scroll down to the Group Settings panel. Update settings as desired.

../_images/group_settings.jpg

administrator

Allows users to see and edit all attributes of the Kasm application.

allow_kasm_audio

Allow audio streaming for a Kasm.

allow_kasm_clipboard_down

Allows users to paste text from the Kasm to their local computer.

allow_kasm_clipboard_seamless

Allows users to copy and paste text without using Kasm control panel.

This feature is only available on Chrome and Chromium-based client browsers

allow_kasm_clipboard_up

Allow users to paste from their local computer to the Kasm.

allow_kasm_downloads

Allow users to download files from a Kasm.

allow_kasm_microphone

Allow microphone passthrough to a Kasm. When enabled, users can pass their local microphone through to the Kasm session.

allow_kasm_sharing

Allow the user to share access to their session with other users. See Session Sharing for more details.

allow_kasm_uploads

Allow users to upload files to a Kasm.

allow_persistent_profile

Allow the use of persistent profiles if configured on the Kasm Image. See Persistent Profiles for details

allow_point_of_presence

Allow the user to use point of presence features for certain Images.

allow_zone_selection

Allow the user to specify the deployment zone when creating a session. A dropdown will appear on the user dashboard with the available Zones. Auto represents the default behavior which is to provision in current Zone. If a Zone is specified, the request will not search alternate zones if no resources are available in the requested Zone.

auto_login_to_kasm

Sends users directly to kasm using default image after login

chat_history_messages

The number of chat history messages to show when a new user connects to a shared Kasm. Set this value to 0 to disable showing chat history.

dashboard_redirect

If configured, standard users will be redirected to the defined external website instead of being shown the main dashboard screen.

default_image

The default Image used when the /go url is called. The system will create a Kasm with this Image if one if one does not exist. If the user already has a Kasm created with this Image, the session is resumed

display_ui_errors

If enabled, detailed information will be displayed on the client browser in the event of an error.

enable_totp_two_factor

Enables two factor authentication for group. Users will be prompted to set Key on next log on.

enable_ui_server_logging

If enabled, log messages will be sent from client browser to the Kasm Workspaces server.

expose_user_environment_vars

Expose KASM_USER and KASM_USER_ID environment variables inside the Kasm.

idle_disconnect

Disconnect the Kasm connection if idle for this long. Time specified in minutes.

inject_ssh_keys

When enabled the system will inject the user’s SSH public and private keys into new sessions automatically. Users can update their keys via the Profile.

kasm_audio_default_on

Default to audio enabled on Kasm start

kasm_ime_mode_default_on

Default to IME enabled on Kasm start

keepalive_expiration

The number of seconds a Kasm will stay alive unless a keeplive request is sent from the client.

lock_sharing_video_mode

Locks video quality to static resolution of 720p when sharing is enabled. Recommended for best performance.

max_kasms_per_user

The maximum number of simultaneous sessions a users is allowed to provision.

run_config

Specify arbitrary docker run params.

session_time_limit

The amount of time (in seconds) a session will automatically expire. A countdown timer will be displayed to the user.

usage_limit

Limits the total number of hours a user or group can have running sessions.

Type

  • Per User - Each user of the group has their own limit.

  • Per Group - All members share the usage limit.

Interval

  • Daily , Weekly , Monthly , Total.

Hours

  • The number of hours allowed during each interval.

volume_mapping

Map a local server directory to Kasm. Details available in the Volume Mapping Guide

web_filter_policy

Enabled web filtering and sets the Web Filter Policy to be used. Policies can also be set or force disabled on Images. Policies assigned to Images take priority over those defined via Group Settings.

Group Images

Administrators can define which Images are available to each group. By default newly created images are automatically assigned to the All Users group. This behavior can be changed by modifying the Add Images To Default Group global Settings.

../_images/group_images.png

SSO Group Mappings

Administrators can configure the system to automatically map users that authenticate with an SSO provider (e.g SAML, OpenID, LDAP) into Kasm Groups.

If Assign All Users is selected, any user that authenticates with the defined SSO provider will be added to the Kasm group. Otherwise, only users that have the defined Group Attributes passed in by the SSO provider will be added to the group.

These group mappings are evaluated and updated at each user login. If a mapping is defined and a user does not have the group attributes listed, the user will be removed from the group.

../_images/sso_group_mappings.png ../_images/sso_group_mapping_config.png