How To: Configure JumpCloud RADIUS and Groups to work with Sonicwall SMA 1000 series

If helpful to others, I have successfully configured JumpCloud RADIUS and Groups to work with a Sonicwall SMA 1000 series VPN box (SMA 6210 specifically). General config steps:

1. Have RADIUS services configured and working for the Sonicwall SMA in both JC and the SMA.

2. In the SMA RADIUS setup, you need to set the “Match RADIUS Groups by:” option to “filterid(11)”

3. Set up groups in JC with mutually exclusive users in each (i.e., users will have different resources they need to access, or limitations on access).

4. Each group in JC that you'll be matching on the SMA for access needs to have this RADIUS Reply Attribute added: RADIUS Attribute Name: Filter-Id  |  RADIUS Attribute Value: [JC group name]

5. On the SMA define the Resources each group should have access to

6. On the SMA add Groups with names that exactly match the group names in JC that you want to have differential access for. To be safe I used group names without spaces in them.

7. On the SMA define the Access Control rules for permit and/or deny access and assign each group to them. NB: a Permit rule does not deny access to things that aren’t included. You need to add explicit Deny rules to prevent access to resources a group should not be able to get to.

8. On the SMA you’ll need to set up Realms for each group you want to have differential resource access based on the RADIUS group a user belongs to. Each Realm should have JumpCloud selected as the authentication server

9. Each Realm will also need a Community. In the Community you will then add the appropriate Group to use for the authentication filter. You should remove any “Default” Communities from the Realms after you have added your Group-specific communities.

10. And for each Community you would set up whatever other policies for the VPN that are appropriate for your environment

11. Then test. In the Sonicwall SSL VPN clients, users will need to select the Realm they are part of then provide their JC credentials, and voila, you have your VPN access with different levels of access.
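
To check steps 2, 4 and 6 against a captured RADIUS reply, this added example (not part of the original post) parses an Access-Accept and compares each Filter-Id (attribute type 11) with the group names defined on the SMA. The group names and sample packets are constructed, and flagging case or whitespace differences as a near miss is an assumption based on the post's "exactly match" requirement.

```python
import struct

ACCESS_ACCEPT = 2   # RADIUS packet code (RFC 2865)
FILTER_ID = 11      # attribute type the SMA matches groups on
REPLY_MESSAGE = 18  # unrelated attribute, used to show skipping

def build_accept(attrs, ident=1):
    """Build a constructed Access-Accept from (type, text) pairs."""
    body = b"".join(bytes([t, len(v.encode()) + 2]) + v.encode() for t, v in attrs)
    # Authenticator is zeroed: sample is for parsing, not signature checks.
    return struct.pack("!BBH16s", ACCESS_ACCEPT, ident, 20 + len(body), bytes(16)) + body

def filter_ids(packet):
    """Return every Filter-Id value carried in an Access-Accept."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_ACCEPT:
        raise ValueError(f"not an Access-Accept (code {code})")
    if length < 20 or length > len(packet):
        raise ValueError("length field does not fit the packet")
    found, pos = [], 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("malformed attribute length")
        if atype == FILTER_ID:
            found.append(packet[pos + 2:pos + alen].decode("utf-8", "replace"))
        pos += alen
    return found

def check_groups(packet, sma_groups):
    """Classify each Filter-Id against the group names defined on the SMA."""
    folded = {g.strip().lower(): g for g in sma_groups}
    report = {}
    for fid in filter_ids(packet):
        if fid in sma_groups:
            report[fid] = "match"
        elif fid.strip().lower() in folded:
            report[fid] = f"near miss: SMA has {folded[fid.strip().lower()]!r}"
        else:
            report[fid] = "no SMA group"
    return report

SMA_GROUPS = {"VPN-Engineering", "VPN-Finance"}  # hypothetical SMA group names
```

An empty result from `filter_ids` means the reply attribute from step 4 was never attached to the user's JC group.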