Editing an LDAP user group

You cannot change the type and name of the LDAP user group.

To edit a user group:

1. In the menu, go to the Users section.

   The user management page is displayed. The Users tab, which is selected by default, displays the table of users.

2. Select the Groups tab.

   A table of LDAP user groups is displayed.

3. Click the LDAP user group that you want to edit.
4. In the displayed settings area, in the Role drop-down list, select the role of LDAP users in the group:
   • Administrator
   • Tenant
5. If you want to assign an access permission to an LDAP user group, in the Permissions drop-down list, select the previously created access permission. By default, the LDAP user group gets the Full access permission, which grants full access to the orchestrator web interface.
6. Enable or disable two-factor authentication for the LDAP user group by doing one of the following:
   • If you want to enable two-factor authentication for the LDAP user group, select the Two-step authentication check box. Users in the LDAP user group must complete two-factor authentication the next time they log in to the orchestrator web interface.

     When two-factor authentication is enabled for a group of LDAP users, authenticated LDAP users are displayed in the table of users. You can disable two-factor authentication for an LDAP user by editing the user. If you disable two-factor authentication for an LDAP user group, the LDAP users are no longer displayed in the table of users.

     You cannot enable two-factor authentication for an LDAP user group if two-factor authentication is disabled for all users.

   • If you want to disable two-factor authentication for an LDAP user group, clear the Two-step authentication check box.
7. Click Save.

The LDAP user group is modified and updated in the table.