Creating an LDAP user group

LDAP user group credentials are stored on the remote server. If you want users in the LDAP user group to be able to log in to the orchestrator web interface using their credentials, you must first create an LDAP connection that the orchestrator uses to connect to the remote server, and then create your LDAP users or LDAP user groups.

If the user is a member of multiple LDAP user groups on the remote server, we recommend creating only one of those LDAP user groups in the orchestrator web interface. If multiple LDAP user groups have been created in the orchestrator web interface, a user that is a member of all of these LDAP user groups logs in to the orchestrator web interface as a member of that LDAP user group which was created first.

To create an LDAP user group:

  1. In the menu, go to the Users section.

    The user management page is displayed. The Users tab, which is selected by default, displays the table of users.

  2. Select the Groups tab.

    A table of LDAP user groups is displayed.

  3. Click + User group.
  4. In the displayed settings area, in the Name field, enter the name of the LDAP user group on the remote server in the user@domain or domain\user format.
  5. In the Role drop-down list, select the role of LDAP users in the group:
    • Administrator
    • Tenant
  6. In the Permissions drop-down list, select the created access permission that you want to assign to the LDAP user group. By default, the LDAP user group gets the Full access permission, which grants full access to the orchestrator web interface.
  7. If you want to enable two-factor authentication for the LDAP user group, select the Two-factor authentication check box. This check box is cleared by default. Users in the LDAP user group must complete two-factor authentication the next time they log in to the orchestrator web interface.

    When two-factor authentication is enabled for a group of LDAP users, authenticated LDAP users are displayed in the table of users. You can disable two-factor authentication for an LDAP user by editing the user.

    You cannot enable two-factor authentication for an LDAP user group if two-factor authentication is disabled for all users.

  8. Click Create.

The LDAP user group is created and displayed in the table.

Page top