In this video, we'll walk you through how to import Active Directory and LDAP groups into OpenManage Enterprise, assign roles, and configure scope-based access. Before you start, make sure you meet these prerequisites. First, you need to be logged in as an Administrator because only administrators can enable or disable Active Directory and LDAP users.
Next, confirm that a directory service is already connected to the appliance. You can check this under Application Settings, then Users and then Directory Services. For this video, we already have a directory service connected called Sunday. Verify that the Active Directory groups you plan to import have a universal scope. Users from Active Directory or LDAP groups can be assigned one of the standard OpenManage Enterprise roles such as Administrator, Device Manager, or Viewer.
Keep in mind that single sign-on applies only when logging into the console. Any actions on devices still require a privileged account on the device itself. If you are using RSA SecurID for multi-factor authentication, make sure your Active Directory or LDAP groups are properly integrated with the RSA server. To start, go to Application Settings, select Users and then click Import Directory Group.
In the Directory Source field, choose the connected directory source from the list. In this example, the available source is an Active Directory named Sunday. Next, enter your domain, username and password to authenticate and establish a secure connection, and click Finish.
In the Available Groups section, begin typing the first few letters of the group name in the Find a Group search box. As you type, OpenManage Enterprise will display all matching group names under Group Name. Select the checkboxes next to the groups you want to import. Then use the double arrow buttons to move groups between the available list and the selected list. Use the arrows pointing to the right to add groups and the arrows pointing to the left to remove them.
Once you've selected the groups you want, you are ready to proceed. Now, assign a role to the group using the Role menu. You can choose Administrator, Device Manager, Viewer or a custom role if one is available. Then click Assign Role. For Device Manager or custom roles, the default scope is All Devices.
If you want to limit access, click Assign Scope and select the specific device groups you want. Once you've assigned roles and scopes, click Import. The groups will now appear in the users list. Members of the imported Active Directory groups can now log in using their domain, username and password. Let's log out of the current session. Now log in as a user who belongs to the Active Directory group we just added. Enter the domain credentials, and if everything is set up correctly, access will be granted.
Here are a few important things to keep in mind. Only administrators can manage Active Directory or LDAP users. If a user belongs to multiple groups with different roles, the highest privilege will apply. For example, if a user is in groups with Administrator, Device Manager and Viewer roles, they will be assigned the Administrator role. If a user is in multiple Device Manager groups, they will get access to the combined scope of all those groups. For more information or assistance on OpenManage Enterprise, visit: Dell.com/Support.
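The two precedence rules above (highest role wins, Device Manager scopes combine) make it easy for overlapping group memberships to grant more than any single import intended. The following Python access-review helper is an added example, not part of the video and not Dell code; the group names, device-group names and users are constructed, and it models only the two rules stated here, so custom roles are rejected.

```python
from dataclasses import dataclass

# Precedence taken from the example above: Administrator > Device Manager > Viewer.
ROLE_RANK = {"Viewer": 1, "Device Manager": 2, "Administrator": 3}
ALL_DEVICES = "All Devices"  # default Device Manager scope named above

@dataclass(frozen=True)
class ImportedGroup:
    role: str
    scope: frozenset = frozenset({ALL_DEVICES})  # only used for Device Manager here

def effective_access(memberships, imported):
    """Resolve one user's directory groups to (role, scope); None if no group is imported."""
    groups = [imported[g] for g in memberships if g in imported]
    if not groups:
        return None
    if any(g.role not in ROLE_RANK for g in groups):  # custom roles: precedence not stated
        raise ValueError("custom role: precedence not stated in the source")
    role = max((g.role for g in groups), key=ROLE_RANK.__getitem__)
    if role != "Device Manager":
        return role, None  # scopes are described only for Device Manager/custom roles
    scope = frozenset().union(*(g.scope for g in groups if g.role == role))
    return role, (frozenset({ALL_DEVICES}) if ALL_DEVICES in scope else scope)

def overlap_findings(user_groups, imported):
    """Flag users whose effective access exceeds what one of their groups grants alone."""
    findings = {}
    for user, memberships in user_groups.items():
        access = effective_access(memberships, imported)
        if access is None:
            continue
        widened = [g for g in memberships if g in imported
                   and effective_access([g], imported) != access]
        if widened:
            findings[user] = (access, sorted(widened))
    return findings

# Constructed sample data: imported groups with the role/scope chosen at import time.
IMPORTED = {
    "OME-Admins": ImportedGroup("Administrator"),
    "OME-DM-Rack1": ImportedGroup("Device Manager", frozenset({"Rack1"})),
    "OME-DM-Rack2": ImportedGroup("Device Manager", frozenset({"Rack2"})),
    "OME-Viewers": ImportedGroup("Viewer"),
}
USERS = {
    "alice": ["OME-DM-Rack1", "OME-DM-Rack2", "Domain Users"],
    "bob": ["OME-Viewers", "OME-Admins"],
    "carol": ["OME-Viewers"],
}
```

Calling `overlap_findings(USERS, IMPORTED)` reports alice (scope widened to both racks) and bob (Viewer assignment overridden by Administrator), which are the memberships to confirm with the group owners before import.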