About adding AD / LDAP user groups in OpsCenter
You can add AD / LDAP domain user groups in OpsCenter and assign user roles to them. All users in the group inherit the same user role and they can access OpsCenter using their AD / LDAP credentials. With this enhancement, you do not need to add and authenticate each user of the group in OpsCenter. Any changes to the user group like addition or removal of a user is automatically reflected in OpsCenter.
Active Directory (AD) is a directory service created by Microsoft for Windows domain networks. It is included in most Windows Server operating systems.
Active Directory provides a central location for network administration and security. Server computers that run Active Directory are called domain controllers. An AD domain controller authenticates and authorizes all users and computers in a Windows domain type network - assigning and enforcing security policies for all computers and installing or updating software. For example, when a user logs into a computer that is part of a Windows domain, Active Directory checks the submitted password and determines whether the user is a system administrator or a normal user.
Active Directory uses Lightweight Directory Access Protocol (LDAP), which is an application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network.
The AD / LDAP user groups that you have added in OpsCenter are listed on the OpsCenter GUI on the tab.
Some important notes and considerations about adding AD / LDAP user groups in OpsCenter:
In OpsCenter, an AD / LDAP user group and a single user can be differentiated with the help of the User column in the Users table.
A single user is indicated as 'Individual' and an AD / LDAP user group is indicated as 'Group'.
If an individual OpsCenter user is a part of an AD / LDAP user group, the user inherits the role that was individually assigned, irrespective of the role of the user group. For example: UserA is added as an OpsCenter individual user. UserA is also part of an AD / LDAP user group called GroupA. The role of UserA is 'Administrator' and the role of GroupA is 'Reporter'. In this scenario, the user role of UserA is always 'Administrator'.
If a user is part of multiple AD / LDAP user groups, the user inherits the highest role in the hierarchy out of all user group roles. For example: UserA is part of three AD / LDAP user groups: GroupA, GroupB, and GroupC. User role of GroupA is 'Administrator', of GroupB is 'Security Administrator', and of GroupC is 'Reporter'. In this scenario, UserA inherits the role 'Security Administrator'.
Subgroups of a user group that you have added to OpsCenter should not contain special characters in their names. Subgroups cannot contain special characters like: ',' , '\', '&', '#', '%', or '*'
For example: You have created two groups called 'ValidGroup' and 'Invalid%Group'. 'Invalid%Group' is added to 'ValidGroup'. 'Invalid%Group' is now a subgroup of 'ValidGroup'. 'ValidGroup' is added to OpsCenter. As 'Invalid%Group' contains special characters in its name, users of this group cannot log on to OpsCenter.
However, if 'Invalid%Group' is directly added to OpsCenter, all of its users can log on to OpsCenter.
User groups with names containing special characters cannot be used as subgroups in OpsCenter.