Add an LDAP Directory Group

LDAP group members can log in to the management console and perform tasks based on the permissions assigned to the group. The group can authenticate against either a domain or domain controller.

LDAP users must log in to the management console at least once to receive email notifications.

  1. Select Configuration.
  2. Under Role Based Access, select User Management.


Screenshot of Create a New Group in BeyondInsight

  1. Under Groups, click Create New Group.
  1. Select Add an LDAP Directory Group from the list.


Screenshot of Group Details > LDAP Group Search

  1. Select a credential, or click Manage Credentials to edit a credential or create a new one.

For more information on creating and editing directory credentials, please see Create and Edit Directory Credentials.


  1. Click Fetch to load the list of Domain Controllers, and then select one.
  2. To filter the group search, enter keywords in the group filter or use a wild card.
  3. Click Search LDAP.

Screenshot of LDAP Group Search results

  1. Select a group, and then click Continue to Add Group.


LDAP Group Search window

  1. Select the Group Membership Attribute and Account Naming Attribute.
  2. Click Add Group.
  1. The group is added and set to Active but is not provisioned or synchronized with LDAP. Synchronization with LDAP to retrieve users begins immediately.

Screenshot showing newly added Active Directory group synced and users populated.

  1. Once the group has been synced with LDAP, you can view the users assigned to the group, as well as unassigned users, by selecting Users from the Group Details section, and then using the filters.


By default, new groups are not assigned any permissions. You must assign permissions on features and smart groups after creating a new group. For more information on permissions and how to assign them, please see Assign Group Permissions.