# Configuration A user represents a client certificate that is generated using the CA certificate from the users organization. ### Settings Below is a table of the user settings. | Setting | Description | | ------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | Name | The name of user. When using single sign-on this should not be changed. | | Email | Email address of user. This will be used to set the Gravatar image for the user and for emailing the users configuration. When using single sign-on this should not be changed. | | Groups | List of groups to associate with user. Group names are case sensitive. | | Pin | The user pin. This will be required when connecting to a vpn server. The user can also set this on the profile download page. | | Port Forwarding | Comma separated list of ports to forward. Format can be `source_port:dest_port/protocol` or `start_port:end_port/protocol`. The destination port can be left out if it is the same as the source port. If the protocol is not included both `tcp` and `udp` will be forwarded. | | Network Link | Comma separated list of network addresses with cidr subnet. This will provision access to a clients local network to the vpn server. | | Client-to-Client Only | Only allow this client to communicate with other clients. Access to routed networks will be blocked. | | DNS Forwarding Server | This will forward dns requests that are a sub-domain of the user such as `search.user.org.vpn`. The dns server must be accessible to the server, this can be done by using the clients vpn address or using a network link if the dns server is on the clients network. Multiple dns servers can be comma separated. | | DNS Forwarding Suffix | Suffix for dns forwarding. A user with a dns of `user.org.vpn` and a dns suffix of node.consul will forward the dns request `search.user.org.vpn` to `search.node.consul` via the dns forwarding server. | | Bypass Secondary Authentication | Bypass all secondary authentication systems such as two-factor authentication and Duo. This is useful for server users. | --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.pritunl.com/kb/vpn/users/configuration.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.