My gateway is configured to use an Active Directory user source (NOT the AD/internal Hybrid).
My domain account is part of the admin group and I can verify the User Source using it. Login Succeed and shows the group my user is assigned to.
I can use my account to start de designer and make changes to projects.
But when I try to login in the gateway config page, my account is not working. I have to use the built-in Ignition admin account.
I think I missed an option somewhere on the gateway. Can anyone help?
On the Gateway Webpage, under Config/Security/General/Gateway Config Permissions you can set the roles that can access the config page.
The roles under Config/Security/Security Levels will have to match the roles you have in AD, not sure if it will work without setting that up as well.
Yes I specified the proper group earlier today. My account is part of that group. I don't know if it required a gateway restart though?
By the way, the AD group's name contains spaces and specials characters (it's in french). Can this be a problem?
I think that if you have the Administrator account set up in Ignition's default user source and, in your AD source, have a role defined as Administrator (with exactly the same spelling - not a translation) it should work. Someone who has done this more recently may be able to clarify.
Found my problem. Config/Security/General/System Identity Provider was still using the default selection.
I created a new Identity Provider under Config/Security/Identity Provider and assigned my AD as its User Source, then assigned that new Identity Provider to Config/Security/General/System Identity Provider.
This was my exact problem - thank you!
However I was still confused for a while on the fact the an Identity Provider needs to be created of type 'Ignition' with 'User Source' set to your AD that was set up in 'users, roles'.
Config -> Security -> Identity Providers
Create New Ignition Provider -> Ignition -> Next
Provider Name: MyName
User Source: <- Drop down, select your AD
After that the web config login worked. All other logins worked without this for some reason...
Including here in case it helps anyone else.