Add a group with directory-based authentication

Use this procedure to add a group whose users will be authenticated through a directory service. You can give the group access to a subset of resources based on job responsibilities.

Prerequisites
  • Privileges: Infrastructure administrator.

  • The group must exist in the authentication directory service.

  • The credentials of a directory service user.

    The appliance uses these credentials to confirm the user’s permission to access it. The credentials are not saved on the appliance.

  • The directory service must be added to the appliance. For more information, see Add an authentication directory service.

Procedure
  1. From the main menu, select Users and Groups.
  2. Select Actions > Add group.
    NOTE:

    If no authentication directories are configured, a dialog box opens. The dialog box contains a link that starts the procedure for adding an authentication directory.

  3. Enter the data requested on the Add Group screen (for more information, see Add/Edit Directory Group screen details):
    1. In the Directory field, designate the authentication directory service by selecting it from the menu of available authentication directories.

      You might be required to log in to an account on the authentication directory service.

    2. For the Group name, do one of the following:
      • If you know the group name, enter it in the Group name field.

        Your entry can be in either the CN or DN format:

        CN example:

        dev.team@example.com

        DN example:

        cn=dev.team@example.com,ou=managed groups,
        ou=accounts,dc=example,dc=com

        NOTE:

        The DN example was split into two lines for readability. Your entry should be on a single line.

      • If you want to select the group from a list of available groups, leave the Group name field empty, and click Select group.

      The Connect to ... dialog box opens.

  4. Enter the credentials to log in to the directory service and validate the connection, and then click Connect.
    NOTE:

    The user name and password are not saved on the appliance.

    If you chose to select the group name from a list of available groups, the Select a Group from ... dialog box opens so that you can do either of the following:

    • Browse for the group name

    • Search for the group name by entering text in the search text field. That text is used to filter for the group name.

      Here are examples of search text:

      • cn=dev.team@example.com,ou=managed groups,ou=accounts,dc=example,dc=com
      • cn=dev.team@example.com
      • cn=dev.t*
      • dev.t*

    Otherwise, the Add Group dialog box opens (proceed to step 6).
  5. Select the group from the list, and then click OK.

    The Add Group dialog box opens.

    If you select Cancel, the previous Add Group screen (without an entry for the group name field) opens.

  6. Assign permissions to the users in the group.
  7. Click Add permission if you want to assign the user or group two or more permissions.
  8. Click Add to add the group and return to the Users and Groups screen, or click Add+ to add another group.
  9. Verify the new configuration on the Users and Groups screen.
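
Example (added here, not part of the appliance or its documentation): a small Python helper that prepares a Group name entry for step 3 by joining a DN that was wrapped across lines into the required single line and reporting whether the entry is in CN or DN format. The function names and the rule used to tell a DN from a CN (the entry starts with attribute=) are assumptions made for this example.

```python
import re

# Assumed rule for this example: an entry that starts with "attribute="
# (cn=, ou=, dc= ...) is treated as a DN; anything else as a bare CN.
_RDN_START = re.compile(r"^[A-Za-z][A-Za-z0-9-]*\s*=")


def split_rdns(dn):
    """Split a DN on unescaped commas, keeping RFC 4514 backslash escapes."""
    parts, buf, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            buf.append(dn[i:i + 2])      # keep the escape pair together
            i += 2
            continue
        if dn[i] == ",":
            parts.append("".join(buf).lstrip())
            buf = []
        else:
            buf.append(dn[i])
        i += 1
    parts.append("".join(buf).lstrip())
    return parts


def normalize_group_entry(raw):
    """Return (kind, single_line_entry), where kind is 'CN' or 'DN'."""
    entry = ""
    for line in (l.strip() for l in raw.splitlines()):
        if not line:
            continue
        # A wrap right after a comma is rejoined as-is; a wrap inside a
        # value (for example "managed" / "groups") gets its space back.
        entry += line if not entry or entry.endswith(",") else " " + line
    if not entry:
        raise ValueError("empty group name")
    if not _RDN_START.match(entry):
        return "CN", entry
    rdns = split_rdns(entry)
    for rdn in rdns:
        attr, sep, value = rdn.partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"malformed DN component: {rdn!r}")
    return "DN", ",".join(rdns)
```

A ValueError indicates an empty entry or a DN component without an attribute=value pair, which is worth correcting before the entry is typed into the Group name field.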