You can add a directory service and configure authentication for the Ops Center portal so that AD groups can access portal functions and products with a single sign-in.
- For LDAP configurations, verify you completed the procedure described in Importing certificates into the Common Services truststore.
- For Kerberos configurations, see Setting up Kerberos authentication for Ops Center before following this procedure.
Note: Whenever you make changes to existing Active Directory settings, you must do the following:
- Click Sync groups to apply the changes to Active Directory groups configured in Ops Center.
- Click Test connection and Test authentication.
Note:
- The Active Directory entries are added to DN designation. and are displayed with the
- AD users are not visible under and cannot be added to local (non-AD) groups.
- By default, AD group users are assigned the opscenter-user role, which permits them to log in to the Ops Center portal and access the Inventory tab, but not start Ops Center products. To let members of an AD group access administrative functions outside the Inventory tab and log in to all Ops Center products with full admin privileges, assign the opscenter-system-administrator role to the group. See Assigning portal-level roles to Ops Center groups for more information.
- To assign product-level roles to an AD group that permit members to access individual Ops Center products, see Assigning product-level roles from the Ops Center portal for more information.
- Confirm the Active Directory entries appear in .
- Verify Active Directory users can log in. AD users must log in using the sAMAccountName (no domain).
Using dsquery to obtain user or group DN
You can use the following PowerShell commands to obtain the DN for a user or group.
To get the user DN:
dsquery user
To retrieve the user details (all attributes):
dsquery * user_DN -scope base -attr *
To get the group DN:
dsquery group
To retrieve the group details (all attributes):
dsquery * group_DN -scope base -attr *
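
The following PowerShell wrapper is an added example, not part of the original documentation. It resolves a sAMAccountName (the login name AD users must use) to exactly one DN with dsquery, then reads selected attributes with the base-scope query shown above. The function names and the sample account names are hypothetical, and it assumes dsquery.exe is available on a domain-joined host.

```powershell
# Added example: resolve a sAMAccountName to a single DN, then read attributes.
# Assumption: dsquery.exe (AD DS tools) is on PATH and the host is domain-joined.

function Get-AdObjectDn {
    param(
        [Parameter(Mandatory)][ValidateSet('user', 'group')][string]$Type,
        [Parameter(Mandatory)][string]$SamAccountName
    )
    # -samid accepts wildcards; reject them so the lookup is an exact match.
    if ($SamAccountName -match '\*') {
        throw "Wildcards are not allowed in '$SamAccountName'."
    }
    # dsquery prints one DN per line, wrapped in double quotes.
    $lines = @(& dsquery $Type -samid $SamAccountName)
    $dns = @($lines | Where-Object { $_ } | ForEach-Object { $_.Trim().Trim('"') })
    if ($dns.Count -eq 0) {
        throw "No $Type found with sAMAccountName '$SamAccountName'."
    }
    if ($dns.Count -gt 1) {
        throw "'$SamAccountName' matched $($dns.Count) objects; expected one."
    }
    return $dns[0]
}

function Get-AdObjectAttributes {
    param(
        [Parameter(Mandatory)][string]$Dn,
        [string[]]$Attributes = @('sAMAccountName', 'distinguishedName', 'memberOf')
    )
    # Same base-scope query as "dsquery * <DN> -scope base -attr *", limited to
    # the named attributes; -l prints the result in list format.
    & dsquery '*' $Dn -scope base -l -attr $Attributes
}

# Constructed sample names; replace them with real accounts from your domain.
$userDn  = Get-AdObjectDn -Type user  -SamAccountName 'jdoe'
$groupDn = Get-AdObjectDn -Type group -SamAccountName 'OpsCenter-Admins'

Get-AdObjectAttributes -Dn $userDn
Get-AdObjectAttributes -Dn $groupDn -Attributes 'distinguishedName', 'member'
```

Comparing the user's memberOf values with the group DN is a quick way to confirm that an account which cannot reach a product actually belongs to the AD group the role was assigned to.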