Authentication using domain accounts

To allow users to authenticate in the KUMA web interface with their own domain account credentials, perform the following configuration steps.

  1. Enable domain authentication.

    Domain authentication is disabled by default, and no domain connection is configured.

  2. Configure a connection to the domain controller.

    The following connections are available:

    The AD and ADFS connection settings can be configured at the same time.

    You can connect to one domain only.

  3. Add groups of user roles.

    You can specify a domain group for each KUMA role. After performing authentication using their domain accounts, the users from this group get access to the KUMA web interface in accordance with the specified role.

    The application checks whether the user's group matches the specified filter in the following order of precedence of roles in the KUMA web interface: Junior analyst → Tier 1 analyst → Tier 2 analyst → Tenant administrator → General administrator. Upon the first match, the application assigns a role to the user and does not check any further. If a user matches two groups in the same tenant, the role with the most privileges is used. If multiple groups are matched for different tenants, the user will be assigned the specified role in each tenant.

    When you click on Tenant:

    • Under the tenant, the entire list of roles and groups that belong to this tenant is expanded.
    • Under the row that shows the tenant name, the total number of roles, and the total number of groups belonging to this tenant, rows are displayed with the tenant name, the role name, and the group name.
    • Duplicate names of roles and groups are merged when copying and adding a filter. That is, if a tenant already has the entry (junior analyst role, group 1) and you try to add or copy the same entry (junior analyst role, group 1) from another tenant, the table contains only one (junior analyst role, group 1) entry, without duplicates.
    • Roles are sorted in descending order of seniority.

    You can copy the configured user roles and their corresponding groups to another tenant by selecting the check box next to a user role and clicking the Copy to tenant button. This opens a window with a list of available tenants. When copying user roles:

    • You can select one or more roles within a tenant to copy settings.
    • You can copy an entire tenant with its configured roles and groups.
    • You can copy settings to several tenants at the same time, but only from one tenant.
    • The Shared tenant and the tenant from which you are copying cannot be selected in the list of available tenants.

    After their first authentication, all domain users gain access to the default space, which is specified in the Spaces permissions section.

    If necessary, you can delete multiple tenants or user roles with their groups at the same time. To do so, select check boxes next to the entities that you want to delete and click the Delete button. You can delete selected roles within a tenant or from different tenants.
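
The group-to-role resolution described in step 3, sketched as a small audit helper. This is an added example, not KUMA code; it takes the listed role order as ascending privilege, and the tenants, group names, exact-name matching and function names are assumptions.

```python
# Added example: audit of domain-group-to-role mappings (not KUMA code).
ROLES = ["Junior analyst", "Tier 1 analyst", "Tier 2 analyst",
         "Tenant administrator", "General administrator"]  # ascending privilege
RANK = {role: i for i, role in enumerate(ROLES)}

def norm(group):
    # Assumption: a filter matches a group by exact name, ignoring case.
    return group.strip().lower()

def effective_roles(mappings, user_groups):
    """Return {tenant: (assigned_role, all_matched_roles)} for one user.

    mappings: (tenant, role, group) rows as they appear in the roles table.
    Several matches in one tenant -> the role with the most privileges;
    matches in different tenants -> one role in each tenant.
    """
    member_of = {norm(g) for g in user_groups}
    matched = {}
    for tenant, role, group in mappings:
        if role not in RANK:
            raise ValueError(f"unknown role: {role!r}")
        if norm(group) in member_of:
            matched.setdefault(tenant, set()).add(role)
    result = {}
    for tenant, roles in matched.items():
        ordered = sorted(roles, key=RANK.get)
        result[tenant] = (ordered[-1], ordered)
    return result

def multi_match_findings(mappings, users):
    """List (user, tenant, roles) where one user matches several roles in a tenant."""
    out = []
    for user, groups in sorted(users.items()):
        resolved = effective_roles(mappings, groups)
        for tenant, (_, roles) in sorted(resolved.items()):
            if len(roles) > 1:
                out.append((user, tenant, roles))
    return out

# Constructed sample data: tenants, groups and users are hypothetical.
MAPPINGS = [
    ("Tenant A", "Junior analyst", "soc-junior"),
    ("Tenant A", "Tenant administrator", "soc-admins"),
    ("Tenant B", "Tier 1 analyst", "SOC-Junior"),
]
USERS = {"alice": ["soc-junior", "soc-admins"], "bob": ["soc-junior"]}

if __name__ == "__main__":
    for finding in multi_match_findings(MAPPINGS, USERS):
        print("review:", finding)
```

Each finding is a user whose assigned role in a tenant depends on the same-tenant rule, which makes it a candidate for a least-privilege review of the group mappings.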

Special considerations for logging in after configuring domain authentication

For successful authentication, the following conditions must be met:

If you complete all the configuration steps but the users are not able to use their domain accounts for authentication in the KUMA web interface, it is recommended to check the configuration for the following issues:

In this section

Enabling and disabling domain authentication

Configuring connection between KUMA and FreeIPA

Configuring connection between KUMA and Active Directory

Configuring connection between KUMA and Active Directory Federation Services
