Authentication by using Active Directory Group Mapping


(SPE2401)

You can use Active Directory Group Mapping (ADGM) for logon authentication.

To configure ADGM

  1. Navigate to the System > Logins > Security tab.
  2. Ensure that: 

    • Security Enhanced Functions = Enabled
    • Use Active Directory Authentication = True.

    Important

    Both of these settings are required to use ADGM.

  3. Select System > Logins > Group Mapping and click Edit to edit the mappings. In the first column, assign a Global Group Name, such as Administrators. In the second column, specify a permission. You can map up to 12 different Global Group names. 
  4. To save the changes, click Commit.
  5. Log in to BMC Defender Server with an Active Directory name that is not currently defined on the System > Logins > Users tab. BMC Defender Server verifies that you are logged in with the permissions that you specified in step 5.

Authentication and assigning access via the Active Directory

The system attempts to authenticate your user name and password in the local login database, the local computer, and the Active Directory. If the system cannot authenticate your user name and password, you receive an Invalid Logon dialog box indicating that you are not registered and cannot proceed.

If the system authenticates your user name and password in the local login database, your access privileges are determined in the local login database.

If the system authenticates your user name and password on your local database or in the Active Directory, your access privileges are determined by your group mapping.

If you are in more than one group configured in the group mapping, you have the highest privileges among those groups. For example, if you are in Everyone (mapped to guest) and also in Administrators (mapped to admin), you have administrative privileges.

To debug configuration issues

A likely reason for misconfiguration is that you are either not in the Active Directory group that is expected, or you are in multiple groups.

  1. Log in as the user and click System > Prefs.
  2. To view the groups that have been identified for the user, click the View Global Group Membership link.
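
The highest-privilege rule and the two misconfiguration causes above can be checked offline against an exported membership list. The following is an added example, not BMC Defender Server code; the permission ordering, the "user" level, the user names, and the Helpdesk group are assumptions made for illustration.

```python
# Added illustration; not BMC Defender Server code.
# Assumption: the permission names and their order. Only "guest" and "admin"
# appear on the page; "user" is a hypothetical middle level.
RANK = {"guest": 0, "user": 1, "admin": 2}
MAX_MAPPINGS = 12  # the page allows up to 12 Global Group names


def effective_permission(user_groups, group_mapping):
    """Return (permission, granting_groups) under the highest-privilege rule.

    Returns (None, []) when none of the user's groups is mapped; the page
    does not say what the product does in that case.
    """
    if len(group_mapping) > MAX_MAPPINGS:
        raise ValueError("more than 12 Global Group names mapped")
    matched = {g: group_mapping[g] for g in user_groups if g in group_mapping}
    if not matched:
        return None, []
    best = max(matched.values(), key=lambda p: RANK[p])
    return best, sorted(g for g, p in matched.items() if p == best)


def audit(memberships, group_mapping, intended):
    """List users whose mapped permission is missing or differs from intent."""
    findings = []
    for user, groups in sorted(memberships.items()):
        got, via = effective_permission(groups, group_mapping)
        want = intended[user]
        if got is None:
            findings.append((user, want, None, "in no mapped group"))
        elif got != want:
            findings.append((user, want, got, "granted via " + ", ".join(via)))
    return findings


# Constructed sample data (Everyone/Administrators are the page's example groups).
MAPPING = {"Everyone": "guest", "Administrators": "admin"}
MEMBERSHIPS = {
    "alice": ["Everyone", "Administrators"],  # two mapped groups: highest wins
    "bob": ["Everyone"],
    "carol": ["Helpdesk"],                    # expected group is not mapped
}
INTENDED = {"alice": "guest", "bob": "guest", "carol": "user"}

if __name__ == "__main__":
    for finding in audit(MEMBERSHIPS, MAPPING, INTENDED):
        print(finding)
```

Each finding names the group that granted the permission, which is the same information the View Global Group Membership link lets you confirm for a single user.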

 
