Add an LDAP Group

LDAP group members can log in to the BeyondInsight console and perform tasks based on the permissions assigned to the group. The group can authenticate against either a domain or a domain controller. When logging in to BeyondInsight, users can select a domain or LDAP server from the Log in to list on the Login page.

The Log in to list is displayed on the Login page only when AD or LDAP user groups have been created in the BeyondInsight console. The list is displayed by default, but an admin user can disable or enable it by toggling the Show list of domains/LDAP servers on login page setting on the Configuration > System > Site Options page.

LDAP users must log in to the BeyondInsight console at least once to receive email notifications.

Create an LDAP Group in BeyondInsight, as follows:

  1. Navigate to Configuration > Role Based Access > User Management.

Create a New Group in BeyondInsight

  2. From the Groups tab, click + Create New Group.
  3. Select Add an LDAP Group from the list.

Search LDAP when creating an LDAP Group in BeyondInsight

  4. Select a credential from the list.

     If you require a new credential, click Create a New Credential. The new credential is added to the list of available credentials.

  5. Enter the name or IP address for the LDAP server.
  6. Click Fetch to load the list of Base DNs.

Add Base DN in LDAP Group Search form when adding an LDAP Group in BeyondInsight

  7. If the Base DN list does not populate, manually enter the details and click Add as New Option to populate the list.
  8. Select the Base DN.
  9. To filter the group search, enter keywords in the group filter or use a wildcard.
  10. Click Search LDAP.

Sample filters:
  • a* returns all group names that start with a.
  • *d returns all group names that end with d.
  • *sql* returns all groups that contain sql in the name.

Select LDAP Group from Search results in BeyondInsight

  11. Select a group, and then click Continue to Add Group.
  12. Select the Group Membership Attribute and Account Naming Attribute.
  13. Enter a Base Distinguished Name, if not automatically populated.
  14. Click Add Group.
  15. The group is added and set to Active but is not provisioned or synchronized with LDAP. Synchronization with LDAP to retrieve users begins immediately.

Newly added LDAP group showing synced and users populated

  16. Once the group has been synced with LDAP, you can view the users assigned to the group, as well as unassigned users, by selecting Users from the Group Details section, and then using the filters.
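The sample filters in the procedure above use * as a wildcard in the group name. The following Python code is an added example, not BeyondInsight code: it shows how such a keyword corresponds to an RFC 4515 substring filter, with every other filter metacharacter escaped, and which group names it selects. It assumes the match is made on the cn attribute and is case-insensitive; the function names and the sample group list are constructed for illustration.

```python
import re

# RFC 4515: characters that must be written as \XX inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_literal(text):
    """Escape one literal fragment of the keyword for use in a filter value."""
    return "".join(_ESCAPES.get(ch, ch) for ch in text)


def keyword_to_filter(keyword, attr="cn"):
    """Turn a keyword such as a*, *d or *sql* into an LDAP substring filter.

    '*' stays a wildcard; parentheses, backslashes and NUL are escaped so the
    keyword cannot change the structure of the filter. attr="cn" is an
    assumption, not something the product documentation states.
    """
    if not keyword:
        raise ValueError("empty keyword")
    return "({}={})".format(attr, "*".join(escape_literal(p) for p in keyword.split("*")))


def matches(keyword, name):
    """Local equivalent of the substring match (case-insensitive, as assumed for cn)."""
    pattern = ".*".join(re.escape(p) for p in keyword.split("*"))
    return re.fullmatch(pattern, name, flags=re.IGNORECASE | re.DOTALL) is not None


def preview(keyword, group_names):
    """Return the filter string and the names it selects from group_names."""
    return keyword_to_filter(keyword), [g for g in group_names if matches(keyword, g)]


# Constructed sample group names, not taken from any real directory.
SAMPLE_GROUPS = ["admins", "auditd", "sql-dba", "prod-sql-readers", "helpdesk", "a(b)"]

if __name__ == "__main__":
    for kw in ("a*", "*d", "*sql*", "a(b)"):
        ldap_filter, selected = preview(kw, SAMPLE_GROUPS)
        print("{:8} {:20} {}".format(kw, ldap_filter, selected))
```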

 

By default, new groups are not assigned any permissions. You must assign permissions on features and smart groups after creating a new group. For more information on permissions and how to assign them, please see Assign Group Permissions.

For more information on creating and editing directory credentials, please see Create and Edit Directory Credentials.