How to configure AD Authentication in OpManager

Add an AD Domain

You can create domains in OpManager and manually add users to them with the AD Authentication and User Management features.

To add a domain:
  1. Go to Settings → General Settings → Authentication → AD Authentication → Add Domain.
  2. Enter the Domain Name and the Domain Controller name in the respective fields.
  3. LDAPS is supported from version 125111 to ensure secure communication with the domain controllers. Click the 'Import Certificate' button and select your domain controller's certificate to add it to OpManager.
  4. To know more on how to export a certificate from your domain controller, check out these articles:

  5. Auto Login* is disabled by default.
  6. Save the Settings.
  7. Once the domain is added, you can manually add users in the Users tab.

Configure Auto-login

The auto-login feature allows you to add all/individual users or selected AD groups to any domain, and assign user permissions to them.

  1. Select Add/Edit under Actions for the domain you want to configure.
  2. Select the Enable Auto Login check box.
    After enabling auto login, click Next to configure the scope for the users in the selected domain. The scope will be auto-assigned to users logging in for the first time. If Auto-login is not enabled, the users must be added manually.

  3. To configure Auto-login
    • For all users
      To enable Auto-login for all users, select All Users under Users. Auto-login will be enabled for all the users logging into that domain.
    • For selected AD groups
      To enable Auto-login for selected AD groups, select Selected groups under Users and type the names of the AD groups as comma-separated values. Auto-login will be enabled for the AD groups you specify.
    • OpManager searches for the user under the BaseDN you enter. In the BaseDN field, enter the container path to the top-level OU under which the group's users are present in the AD. It should not point to the DN (path) of the group itself.
    • For example:
      • Say there are two groups to be configured, 'AdGroup1' and 'AdGroup2'. The users of these groups are present in multiple OUs
      • CN=user1,OU=Admins,OU=TestOU,DC=local,DC=com
      • CN=user2,OU=Operators,OU=TestOU,DC=local,DC=com
      • CN=user3,OU=Guests,OU=Users,OU=TestOU,DC=local,DC=com
    • You should enter 'OU=TestOU, DC=local, DC=com' in the BaseDN field (The common path in their hierarchy). The path must have at least one OU/CN, and the group names you configure under domain settings are case-sensitive.
    • Sample query to get baseDN (Container path) for user:
    • If LDAP access is not available for all users in your domain, you can configure custom credentials with the 'Use custom credentials for LDAP bind' option. These credentials will be used to execute LDAP queries.
    • Enter the user account (with the required permissions) in the active directory to execute LDAP Queries in the domain, under 'Bind User Name' and the corresponding 'Bind Password'.
    • This is how the configuration details should look like for the example mentioned above,
  4. Note:
    • Multiple AD Group names can be mentioned as comma-separated values. If a new group with a different scope is to be added, make use of the '+' icon.
    • The credential provided should have LDAP Query permission and permission to read the 'memberOf' property.
  5. Once you enable Auto-login, select the Users and User Permissions for the domain, edit the Time zone if required, and click Next. During autologin, the selected modules and scope can be assigned for the AD user.
  6. To configure Scope,
    • Modules - You can select the add-on modules that you want the user to have access for.
    • Monitor - You can provide this user access to either All Devices, or only Selected Business Views. If All Devices is selected, the user will have access to all the devices in OpManager module. If Selected Business Views is selected, you can give the access to all business views with "Select All" option and business views without title with Untitled option.
  7. Save the settings.
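
The BaseDN rule from step 3, as an added example (not OpManager code): it derives the deepest container shared by a set of user DNs and checks a candidate BaseDN against the two constraints stated above. The group's location under OU=Groups and the function names are assumptions made for illustration.

```python
import re

# Constructed sample input: the three user DNs from the example above.
USER_DNS = [
    "CN=user1,OU=Admins,OU=TestOU,DC=local,DC=com",
    "CN=user2,OU=Operators,OU=TestOU,DC=local,DC=com",
    "CN=user3,OU=Guests,OU=Users,OU=TestOU,DC=local,DC=com",
]
# Assumed location of a group; the page does not say where the groups live.
GROUP_DNS = ["CN=AdGroup1,OU=Groups,OU=TestOU,DC=local,DC=com"]


def split_dn(dn):
    """Split a DN into RDNs on commas that are not backslash-escaped."""
    return [p.strip() for p in re.split(r"(?<!\\),", dn) if p.strip()]


def _key(rdn):
    """Case-insensitive comparison key (AD compares DNs ignoring case)."""
    attr, _, value = rdn.partition("=")
    return (attr.strip().lower(), value.strip().lower())


def common_base_dn(user_dns):
    """Return the deepest container path shared by all user DNs."""
    # Drop each user's own leaf RDN, then walk from the domain root down.
    paths = [split_dn(dn)[1:][::-1] for dn in user_dns]
    shared = []
    for level in zip(*paths):
        if len({_key(rdn) for rdn in level}) != 1:
            break
        shared.append(level[0])
    return ",".join(reversed(shared))


def check_base_dn(base_dn, group_dns=()):
    """List the ways a BaseDN violates the rules given in step 3."""
    problems = []
    keys = [_key(rdn) for rdn in split_dn(base_dn)]
    if not any(attr in ("ou", "cn") for attr, _ in keys):
        problems.append("BaseDN must contain at least one OU/CN")
    if keys in [[_key(r) for r in split_dn(g)] for g in group_dns]:
        problems.append("BaseDN points to a group DN, not the users' container")
    return problems


if __name__ == "__main__":
    base = common_base_dn(USER_DNS)
    print(base, check_base_dn(base, GROUP_DNS))
```
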

Edit Domain Settings

Once you create a domain and assign users, you can edit the configurations as required any time. You can add or delete AD users/groups, edit the user permissions, and also edit the scope settings.

To add AD groups:

Click on the 'Plus' icon next to the domain of your choice to add new AD groups to it.

To edit timezone:

Select Edit under Actions for the domain you want to edit, change the timezone as per your requirement, and click 'Save'.

To Edit/Delete AD groups:
  1. Click on the arrow mark next to the name of your domain to display all AD groups under it.
  2. Click on the 'Edit' icon next to the group you wish to edit, select the Users and User Permissions for the domain, and click Next.
  3. To edit a particular user/group in a domain, select Edit under Actions for the domain you want to edit.
  4. User Permissions for the AD groups can be edited by selecting either Read Only (Operator User), Full Control (Administrator User) or selecting a Custom User Role with the chosen level of access. 
  5. To configure Scope,
    • Modules - You can select the add-on modules that you want the user to have access for.
    • Monitor - You can provide this user access to either All Devices, or only Selected Business Views. If All Devices is selected, the user will have access to all the devices of NetFlow, NCM, and Firewall. If Selected Business Views is selected, you can give the access to all business views with Select All option and business views without title with Untitled option.
  6. Save the settings.
  7. To delete a group, just click on the 'Delete' icon next to it.
    For AD Authentication, we support on-premise AD with LDAP query access to the domain controller in the network.
