User Context Filters

User Context Filters are used in Privilege Manager to manage policies based on user or group contexts. Policies can be configured with inclusion and exclusion filters to limit the users affected.

In the Conditions tab of a policy, filters can be applied as inclusion filters, specifying that a policy only applies to users in a specific Active Directory (AD) group, or as exclusion filters, specifying that a policy applies to everyone except the users in a specific AD group. Refer to Using Inclusion and Exclusion Filters.

It is best practice to duplicate existing filters and modify the copies instead of altering built-in ones, to prevent overwriting during upgrades.

| Filter Type | Platforms Supported | Description |
|---|---|---|
| User Context Filter | Windows, macOS, Linux/Unix | The User Context Filter ensures that Active Directory (AD) and Azure AD security groups can be targeted. Refer to Using the User Context Filter. |
| User Context Filter via SID | Windows | The Group Name and Group SID options of the User Context Filter via SID allow you to target an account (user or group) even if that account has not yet been inventoried in the server. The Group SID option is used if Azure AD synchronization has not yet happened, but the group SID is known. Refer to Using User Context Filters via SID. |
| Jamf Connect User Context Filter | macOS | If Jamf Connect is used to connect local macOS user accounts to Microsoft Entra ID, the filter can target specific Entra groups in Privilege Manager policies. Refer to Jamf Connect User Context Filter. |
| User Context Filter (noMAD) | macOS | On macOS endpoints, User Context Filters can target Domain User Groups when endpoints are integrated with NoMAD. Refer to Leveraging the User Context Filter for NoMAD. |