All Lumeta users need to have roles (Manager, SysAdmin, Viewer) within organizations that have been defined within Lumeta. There is one existing organization called Organization1 by default. Users can have multiple roles in different organizations.
Active Directory users logging in to Lumeta for the first time are assigned roles and organizations based on the Active Directory groups they belong to. To do this, Lumeta needs to know how to map AD groups to Lumeta roles within organizations. This is where the group mapping file comes in.
For example, if Active Directory assigns users combinations of these groups:
And you’ve defined the following organizations in Lumeta:
And you want these rules to apply to your Lumeta users:
Then you would create the following group mapping file:
```
vp,Viewer/NA,Viewer/EMEA,Viewer/APAC
admin|na,SysAdmin/NA
admin|emea,SysAdmin/EMEA
admin|apac,SysAdmin/APAC
security|na|emea,Viewer/NA,Manager/NA,Viewer/EMEA,Manager/EMEA,Viewer/APAC
security|apac,Viewer/APAC,Manager/APAC,Viewer/NA,Viewer/EMEA
```
The group mapping file is in CSV (comma-separated values) format, with specific formatting within each field.
All matching rows contribute to a user's roles. In the above example group mapping
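To review what a mapping file grants before deploying it, the following added example (not Lumeta's own code) parses the file above and resolves a set of AD groups to the union of roles from all matching rows. It assumes that `|` in the first field means the user must belong to every listed group and that group names match exactly; `parse_mapping` and `roles_for` are hypothetical helper names.

```python
import csv
import io

VALID_ROLES = {"Manager", "SysAdmin", "Viewer"}  # roles named on this page

# The example group mapping file from this page.
MAPPING = """\
vp,Viewer/NA,Viewer/EMEA,Viewer/APAC
admin|na,SysAdmin/NA
admin|emea,SysAdmin/EMEA
admin|apac,SysAdmin/APAC
security|na|emea,Viewer/NA,Manager/NA,Viewer/EMEA,Manager/EMEA,Viewer/APAC
security|apac,Viewer/APAC,Manager/APAC,Viewer/NA,Viewer/EMEA
"""


def parse_mapping(text, known_orgs):
    """Return (rules, problems); a rule is (required_groups, {(role, org), ...})."""
    rules, problems = [], []
    for lineno, row in enumerate(csv.reader(io.StringIO(text)), start=1):
        if not row:
            continue
        groups = frozenset(g.strip() for g in row[0].split("|") if g.strip())
        if not groups:
            # A row with no groups would match every user, so reject it.
            problems.append(f"line {lineno}: no AD group in first field")
            continue
        grants = set()
        for field in row[1:]:
            role, sep, org = field.strip().partition("/")
            if not sep or role not in VALID_ROLES:
                problems.append(f"line {lineno}: bad role field {field!r}")
            elif org not in known_orgs:
                problems.append(f"line {lineno}: organization {org!r} not defined")
            else:
                grants.add((role, org))
        rules.append((groups, grants))
    return rules, problems


def roles_for(user_groups, rules):
    """Union of grants from every matching row (assumption: '|' means AND)."""
    held = set(user_groups)
    granted = set()
    for required, grants in rules:
        if required <= held:  # user holds every group the row lists
            granted |= grants
    return granted
```

Running `parse_mapping` with the set of organizations that actually exist in the Command Center surfaces rows that reference an organization not yet created.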
Some organizations prefer to have their users authenticate to Lumeta Enterprise Edition using Active Directory (AD). This arrangement transmits AD user-rights to the Lumeta system and controls what individual users can see when logged in to a Lumeta Command Center.
The admin and manager users can see these roles by default.
In the set of example users below, user2 would see groups 2 and 3; user4 would see groups 4, 5, and 6.
The process for mapping Active Directory (AD) groups and roles to Lumeta organizations is as follows.
To configure Active Directory on Lumeta Enterprise Edition:
authentication ad
CLI Command | Description & Example | Likely Order of Operations |
---|---|---|
groupmapping | Maps an Active Directory group to an Organization in Lumeta Enterprise Edition. If your Active Directory mapping introduces new Organizations, you will need to create those organizations in the Command Center as follows: | 5 |
configure | Configures an Active Directory authentication server | 1 |
netbios | The netbios is an alias for the hostname used in Active Directory authentication. In this example, the hostname of the Command Center is longer than the maximum number of characters allowed, so AD could not be enabled. In cases like these, use the netbios to serve as an alias for a too-long hostname. This command would create a hostname on the AD server with the name "TestAD." | 3 |
enable/disable | Enables or disables AD authentication | 4 |
viewconfig | Displays the current AD configuration | 2 |
clearconfig | Clears the current AD configuration | optional |
When an AD user logs in to Lumeta and browses to Settings > Users, only the users, groups, and organizations to which that user has been given rights in the AD server groupings are visible.