Add an Active Directory Group

Active Directory group members can log in to the management console and perform tasks based on the permissions assigned to the group. The group can authenticate against either a domain or domain controller. Upon logging into BeyondInsight, users can select a domain from the Log in to list on the Login page.

The Log in to list is only displayed on the Login page when there are either Active Directory or LDAP user groups created in the BeyondInsight console. The Log in to list is displayed by default, but may be disabled / enabled by an admin user by toggling the Show list of domains/LDAP servers on login page setting from Configuration > System > Site Options page.

Active Directory users must log in to the management console at least once to receive email notifications.

  1. Navigate to Configuration > Role Based Access > User Management.

Screenshot of Create a New Group in BeyondInsight

  1. Under Groups, click Create New Group.
  1. Select Add an Active Directory Group.

 

 

Screenshot of Active Directory Group Search box where you can select a Credential.

  1. Select a credential from the list.

If you require a new credential, click Create a New Credential to create a new credential. The new credential is added to the list of available credentials.

  1. If the Domain field is not automatically populated, enter the name of a domain or domain controller.
  2. After you enter the domain or domain controller credential information, click Search Active Directory. A list of security groups in the selected domain is displayed.

 

The default filter is an asterisk (*), which is a wild card filter that returns all groups. For performance reasons, a maximum of 250 groups from Active Directory is retrieved.

  1. Set a filter on the groups to refine the list, and then click Search Active Directory.
Sample filters:
  • a* returns all group names that start with "a"
  • *d returns all group names that end with "d"
  • *sql* returns all groups that contain "sql" in the name

Screenshot of select Active Directory group and Add Group

  1. Select a group, and then click Add Group.
  2.  

  1. The group is added and set to Active but not provisioned or synchronized with Active Directory. Synchronization with Active Directory to retrieve users begins immediately.
  2.  

Screenshot showing newly added Active Directory group synced and users populated.

  1. Once the group has been synced with Active Directory, you can view the users assigned to the group, as well as unassigned users, by selecting Users from the Group Details section and then using the filters.

 

By default, new groups are not assigned any permissions. You must assign permissions on features and Smart Groups after creating a new group. For more information on permissions and how to assign them, please see Assign Group Permissions.

For more information on creating and editing directory credentials, please see Create and Edit Directory Credentials.

Propagate Domain Changes

Edit Settings to Propagate Group Changes to all Users

Domain changes can be propagated to all users in a group. By default, this is set to OFF. When enabled, changes to the preferred domain controller at the group level are applied to all group members.

When creating a new group, we advise turning this setting on by editing the new group details. This ensures that all users in the new group get a Preferred Domain Controller from the initial setup of the group.