Set up external authentication systems for user groups.
When linking with an external authentication server, if using together with Active Directory as an external authorization server, user permissions can be managed by using the Active Directory groups (authorization groups) registered on the external authorization server. In this case, user permissions are specified for each group.
- The server must be linked to an external authentication (authorization) server.
- The Ops Center Analyzer server must be configured to support group authentication, which activates the Groups folder in the GUI.
- The Ops Center Analyzer user group must exist on the external authentication (authorization) server. It is recommended that domain and group information be acquired from the external authentication server administrator.
- From the Administration tab, select Users and Permissions.
- Click the Groups folder to display the Domain List. This is a list of external authentication servers listed by domain name, and host name or IP address. If the Groups folder is not displayed, see the prerequisites above.
- Select the desired Domain Name to display the Group List, which may be empty ('No Groups' is displayed). Click Add Groups.
-
Enter the
Distinguished Name for the group. Use
Check DN to verify a correct DN entry. Click
Ok to save your group and redisplay the
Group List. Note that the
Group Name is derived from the entered DN. To specify multiple groups, note that:
- You can add multiple DNs at the same time using the "+" button.
- If multiple DNs are listed, you can remove an entry with the "-" button.
- Reset clears all DN entries.
- From the Group List, click the Group Name link, then click Change Permission and set the Ops Center Analyzer permissions for the group (repeat this step for each new group).
- Your groups will now be visible from the Administration tab, User Groups. You can affiliate the groups with resource groups and roles, just like Ops Center Analyzer user groups. If you delete external authentication groups from Users and Permissions at a later time, the groups are also removed from the User Groups list.
On the next login attempt by each group member, the login credentials (user ID and password) will be validated using the external authentication (authorization) server.
Tip:
To delete registered authorization groups, select the check boxes of the groups to be deleted, and then click Delete Groups.