
Your organization may want to have users authenticate to Lumeta Enterprise Edition using Active Directory (AD). This arrangement, with an assist from you, maps AD user rights to the Lumeta system and controls what individual users can see and control when logged in to a Lumeta Command Center. Your contribution is to tell the Lumeta system how to map groups, organizations, and roles by creating a CSV group mapping file.

Tip

For more on organizations, roles, and permissions, see the About Organizations, Zones & Users page.

Update

In the groupmapping mechanism, a list of AD groups separated by the pipe symbol (|) can now be set as 'superuser' (or the column can be left blank). 

Sample format:

group2|group4|group1    Manager/Development    superuser
group5|group4|group6    Viewer/Sales

When a new AD user logs in to Lumeta, a user account is created along with roles mapped to the user's AD groups. If these AD groups are defined as 'superuser', all the users in the AD group will be designated as Lumeta superusers. Changes to groupmapping data take effect when the users associated with those records log in to the Lumeta system.

Let's assume, for example, that Active Directory contains (or has defined) these groups and we want to assign users to particular roles in Lumeta, remembering that each Lumeta role is always paired with an organization defined in Lumeta.

Example AD Groups
vp
admin
security
na
emea
apac


Customer-Defined Lumeta Organizations
NA
EMEA
APAC

Actual Lumeta Roles
SysAdmin (no GUI access)
Viewer (read-only)
Manager (read + write)

...

security|apac,Viewer/EMEA

CSV File Rules

The rules we've introduced are as follows:

  1. Each line in the group mapping file starts with a list of AD groups followed by a role/organization pair.
  2. If there is more than one group, separate them with a vertical bar (|).
  3. Each role must be paired with its organization, separated by a forward slash (/).
  4. Users are assigned roles for every line in which their AD groups match.
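
One way to lint a group mapping file against the rules above and see which roles, and whether superuser, a given set of AD groups resolves to before the file is deployed (an added example, not Lumeta code). It assumes comma-separated columns with 'superuser' as an optional third column, exact group-name comparison, and that a line matches when the user is in any listed group; `parse_mapping`, `resolve`, and the sample rows are constructed for illustration.

```python
import csv
import io

# Constructed sample file; group, role and organization names are the ones used on this page.
SAMPLE = """\
vp,Manager/NA,superuser
security|apac,Viewer/EMEA
admin|,SysAdmin/NA
na,Viewer
emea,Viewer/EMEA,admin
"""

def parse_mapping(text):
    """Parse mapping text into (rows, errors); rows are (groups, role, org, superuser)."""
    rows, errors = [], []
    for lineno, rec in enumerate(csv.reader(io.StringIO(text)), start=1):
        rec = [field.strip() for field in rec]
        if not any(rec):
            continue  # blank line
        rec += [""] * (3 - len(rec))  # the superuser column may be absent or blank
        groups = rec[0].split("|")
        role, slash, org = rec[1].partition("/")
        if len(rec) > 3:
            errors.append((lineno, "expected at most 3 columns"))
        elif not all(groups):
            errors.append((lineno, "empty AD group name"))
        elif not (role and slash and org) or "/" in org:
            errors.append((lineno, "role must be paired with an organization as Role/Org"))
        elif rec[2].lower() not in ("", "superuser"):
            errors.append((lineno, "third column must be 'superuser' or blank"))
        else:
            rows.append((frozenset(groups), role, org, rec[2] != ""))
    return rows, errors

def resolve(rows, user_groups):
    """Return (sorted role/org pairs, superuser flag) for a user's AD groups."""
    member = set(user_groups)  # assumption: exact, case-sensitive group names
    roles, superuser = set(), False
    for groups, role, org, is_super in rows:
        # Assumption: a line matches when the user is in ANY listed group.
        if member & groups:
            roles.add(f"{role}/{org}")
            superuser = superuser or is_super
    return sorted(roles), superuser

if __name__ == "__main__":
    rows, errors = parse_mapping(SAMPLE)
    for lineno, msg in errors:
        print(f"line {lineno}: {msg}")
    print(resolve(rows, ["security", "vp"]))
```

Running the resolver for each AD group that appears on a superuser line gives a quick review list of who would gain superuser at next login.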

...