Vunetrix Network Monitor vCloud

Vunetrix Manual: Active Directory Integration

Vunetrix offers detailed rights management through different user groups. For detailed information, please see User Access Rights.

To make user management easier, you can integrate an existing Active Directory into Vunetrix in four steps. During this process, you will connect an Active Directory (AD) group with a user group in Vunetrix. All members of your AD group will then be able to log into Vunetrix using their AD domain credentials. Note: You cannot add single AD users to Vunetrix; you can only allow access for entire groups. A Vunetrix user will be created automatically for each AD user who logs in to Vunetrix successfully.

Step 1: Prepare Your Active Directory

  • In your Active Directory, please make sure that the users you want to give access to Vunetrix are members of the same AD group.
  • You can also organize users in different groups, for example, one group whose members will have administrator rights within Vunetrix, and another one whose members will have read-only rights within Vunetrix.

Step 2: Prepare Your Vunetrix Server

  • Make sure that the computer running Vunetrix is a member of the domain you want to integrate it with. You can check this setting in your machine's System Properties (for example, Control Panel | System and Security | System, then click the Change settings link).

Step 3: Add Domain and Credentials (optional) to System Settings

  • In the Vunetrix web interface, switch to the System Administration—System and Website settings.
  • In the Active Directory Domain field, enter the name of your local domain. Note: You can only integrate one AD domain into Vunetrix.
  • Optional: Vunetrix will use the same Windows user account used to run the "Vunetrix Core Server Service". By default, this is the "local system" Windows user account. If this user does not have sufficient rights to query a list of all existing groups from the Active Directory, you should provide credentials of a user account with full AD access by using the Use explicit credentials option.
  • Save your settings.

Step 4: Add a New User Group

  • Switch to the User Groups tab (see System Administration—User Groups).
  • Click on the Add User Group button to add a new Vunetrix user group.
  • In the dialog that appears, enter a meaningful name and set the Use Active Directory setting to Yes.
  • From the Active Directory Group drop-down menu, select the group of your Active Directory whose members will have access to Vunetrix. If you have a very large Active Directory, you will see an input field instead of a drop-down menu. In this case, you can enter the group name only; Vunetrix will add the prefix automatically.
  • With the New User Type setting, define the rights a user from the selected Active Directory group will have when logging in to Vunetrix for the first time. You can choose between Read/Write User or Read Only User (the latter is useful for showing data only to a large group of users).
  • Save your settings.

Done

That's it. All users in this Active Directory group can now log in to Vunetrix using their AD domain credentials. Their user accounts will use the Vunetrix security context of the Vunetrix user group you just created.

Notes and Limitations

  • Active Directory users can log in to the web interface using their Windows username and password (please do not enter any domain information in Vunetrix's Login Name field). When such a user logs in, Vunetrix will automatically create a corresponding local account on the Vunetrix core server. Credentials are synchronized every hour.
  • All requests to the Active Directory servers are cached for one hour, for performance reasons. If a password is changed in the Active Directory, you must either wait for 1 hour or clear the cache manually by clicking on the Clear Caches button on the System Administration—Administrative Tools page (in the Setup menu).
  • By default, there aren't any rights set for the new Vunetrix user group. Initially, users in this group will not see any objects in the Vunetrix device tree. Please edit your device tree object's settings and set access rights for your newly created user group in the Inherit Access Rights section. Note: The easiest way is to set these rights in the Root Group Settings.
  • Vunetrix only supports explicit group rights. If your AD uses groups that are members of another group, Vunetrix will not regard inherited implicit rights of the parent group and will therefore refuse login for members of those groups.
  • Vunetrix will ignore AD information about Organizational Units (OUs). These values cannot be read by Vunetrix.
  • Vunetrix does not support SSO (single sign-on).
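
Because only explicit group membership counts, it helps to audit the AD group before mapping it in Step 4. The following PowerShell script is an added example, not part of the Vunetrix manual or product; it assumes the ActiveDirectory module (RSAT) is installed, and the group name 'Vunetrix-Admins' is a placeholder. It lists the direct user members, any nested groups, and the users who belong to the group only through nesting and would therefore be refused login.

```powershell
#Requires -Modules ActiveDirectory
# Added example: read-only audit of the AD group you plan to map to a Vunetrix user group.
# 'Vunetrix-Admins' below is a placeholder group name, not one from the manual.

function Get-VunetrixGroupAudit {
    param(
        [Parameter(Mandatory)]
        [string]$GroupName
    )

    # Direct members only: these are the explicit memberships the manual refers to.
    $direct       = @(Get-ADGroupMember -Identity $GroupName)
    $directUsers  = @($direct | Where-Object objectClass -eq 'user')
    $nestedGroups = @($direct | Where-Object objectClass -eq 'group')

    # -Recursive walks nested groups and returns only leaf (non-group) members.
    $allUsers = @(Get-ADGroupMember -Identity $GroupName -Recursive |
                  Where-Object objectClass -eq 'user')

    # Users reachable only through a nested group: per the limitation above,
    # these accounts are refused login until they are added to the group directly.
    $directDns  = $directUsers.distinguishedName
    $nestedOnly = @($allUsers | Where-Object { $_.distinguishedName -notin $directDns })

    [pscustomobject]@{
        Group           = $GroupName
        DirectUsers     = $directUsers.SamAccountName
        NestedGroups    = $nestedGroups.SamAccountName
        NestedOnlyUsers = $nestedOnly.SamAccountName
    }
}

$audit = Get-VunetrixGroupAudit -GroupName 'Vunetrix-Admins'   # placeholder name
$audit | Format-List
if ($audit.NestedOnlyUsers) {
    Write-Warning "$(@($audit.NestedOnlyUsers).Count) user(s) are members only via nested groups."
}
```

Reviewing the DirectUsers list before saving the user group also confirms exactly which accounts will receive the rights chosen under New User Type.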

 

 
