A user represents a client certificate that is generated using the CA certificate from the users organization.

Settings

Below is a table of the user settings.

Setting	Description
Name	The name of user. When using single sign-on this should not be changed.
Email	Email address of user. This will be used to set the Gravatar image for the user and for emailing the users configuration. When using single sign-on this should not be changed.
Groups	List of groups to associate with user. Group names are case sensitive.
Pin	The user pin. This will be required when connecting to a vpn server. The user can also set this on the profile download page.
Port Forwarding	Comma separated list of ports to forward. Format can be `source_port:dest_port/protocol` or `start_port:end_port/protocol`. The destination port can be left out if it is the same as the source port. If the protocol is not included both `tcp` and `udp` will be forwarded.
Network Link	Comma separated list of network addresses with cidr subnet. This will provision access to a clients local network to the vpn server.
Client-to-Client Only	Only allow this client to communicate with other clients. Access to routed networks will be blocked.
DNS Forwarding Server	This will forward dns requests that are a sub-domain of the user such as `search.user.org.vpn`. The dns server must be accessible to the server, this can be done by using the clients vpn address or using a network link if the dns server is on the clients network. Multiple dns servers can be comma separated.
DNS Forwarding Suffix	Suffix for dns forwarding. A user with a dns of `user.org.vpn` and a dns suffix of node.consul will forward the dns request `search.user.org.vpn` to `search.node.consul` via the dns forwarding server.
Bypass Secondary Authentication	Bypass all secondary authentication systems such as two-factor authentication and Duo. This is useful for server users.