To enable users to perform authentication in the KUMA web interface using their own domain account credentials, perform the following configuration steps.
Domain authorization is enabled by default, but a connection to the domain is not configured.
The following connections are available:
The AD and ADFS connection settings can be configured at the same time.
You can connect to one domain only.
You can specify a domain group for each KUMA role. After performing authentication using their domain accounts, the users from this group get access to the KUMA web interface in accordance with the specified role.
The application checks whether the user's group matches the specified filter in the following order of precedence of roles in the KUMA web interface: Junior analyst → Tier 1 analyst → Tier 2 analyst → Tenant administrator → General administrator. Upon the first match, the application assigns a role to the user and does not check any further. If a user matches two groups in the same tenant, the role with the most privileges is used. If multiple groups are matched for different tenants, the user will be assigned the specified role in each tenant.
After their first authentication, all domain users gain access to the default space, which is specified in the Spaces permissions section.
Special considerations for logging in after configuring domain authentication
For successful authentication, the following conditions must be met:
If you complete all the configuration steps but the users are not able to use their domain accounts for authentication in the KUMA web interface, it is recommended to check the configuration for the following issues: