I have an Ignition system using AD Internal Hybrid authentication that is performing poorly due to a very large number of users.
Only a very small subset of these users are required to have access to Ignition so I want to disable the “List users from Active Directory” and just add a whitelist of users I need.
I am assuming I need to create users manually that match users in the Active Directory for this to work but have not been able to successfully log in.
Has anyone managed to do this successfully?
It has been a while since I have used this but as I recall, the hybrid method uses AD to authenticate a user and ‘you’ manage the users and roles. Yes, you have to do this manually but it is not difficult. If I recall this correctly: Go to Users, Roles on the gateway and select the user source, under ‘more’ you can manage users and roles. I still have one gateway that uses this profile.
I was already managing the roles in Ignition, the core issue I was trying to solve was reducing the number of users returned by AD.
In the end I managed to add a LDAP search filter in Advanced Settings/User Listing Base to reduce the number of returned users from approx. 4000 to 200, improving the query time from 20sec to 1sec.
I’m still curious about the “List Users from Active Directory” tick box in the settings. There doesn’t seem to be any documentation on how it works with that box unticked. i.e. adding users manually.