Contents
Configure AD/LDAP integration
Administrators can bulk import MS Active Directory / LDAP group members as users in Device42, and can assign permissions in bulk using local Device42 groups as described below. To begin, first configure your Active Directory Domain or LDAP settings.
The Active Directory/LDAP settings screen can be reached from the Device42 main menu, Tools > Settings > Active Directory Settings. To add users from AD, you must first configure the AD settings. Do this by clicking the “Add Active Directory/LDAP Settings” button, pictured above, and fill out the settings accordingly for your AD or LDAP server:
Add a user or group member (or user) list via AD
Once you have created Active Directory Settings in Device42, you can use the DN for the group (and a valid login) to get the list of all the members (see example below) in that group.
From this screen, simply click the “Add Active Directory Admin” button (highlighted above). Currently the sync only works for members in the AD group itself. Group members that require recursive traversal of sub-groups are not synced.
You can save a group DN properties – and it makes it easier to add new users that you add to that AD group. Just choose the saved DN group as described below and add new users.
Choose members and groups(for permission)
In the above screen shot, the Users are the list of AD users that were displayed as a result of the choices on the prior screen. The Groups are not AD groups. They are Device42 groups.
-
Under Users:, select the Users that you want to add as Device42 administrators, and move them to the right side of the Users dialog. Next, under Groups:, select one or more Device42 groups for these users and move them to the right side of the Groups dialog.
-
Click the “Add…” button, the selected users will become Device42 administrators and will receive the permissions of the selected groups.
Please note that all Device42 users are termed “administrators”. There are no end users of Device42. The only “end users” that are defined in Device42 are users (or owners) of assets inventoried in Device42.
Example – Finding your Group DN in Active Directory
The following example demonstrates finding a group in Active directory. The group DN is: cn=D42ReadOnly,cn=Users,dc=device42,dc=pvt (in this example, group name D42ReadOnly is in the Container named Users).
Under the group properties with “advanced features” enabled in Active Directory Users and Computers – you can go to attribute editor and copy the distinguishedName as shown in the image above.