Failover User Source Roles

Hi All,

I am trying to set up security in my project, but am having trouble accessing my roles defined in the failover source.

I have 2 user sources:

  1. Active Directory (not yet fully set up - roles don’t exist yet)
  2. Default Internal

The active directory is set to failover (soft) to the default internal, which I am trying to test with as I don’t have accounts and roles fully set up on the active directory. I have set up my roles on the failover internal source, and when I have my identity provider set to that default primarily instead of the Active directory it works fine and the roles are there. When I set the IDP to the active directory and the AD to failover to the default user source it logs in, but doesn’t bring through the roles I have declared for the user in the failover user source.

In some other threads I noted there was an expression you could use to get that info into a security level, but I was intending to use the roles directly in the project. I have several security zones set up, which automatically populate under roles. I don’t really want to make security levels rules for all of them unless that is the only way.

Are the roles not passed through if they don’t exist in the main user source? Do I have to declare security level rules and use expressions to pull the roles from a failover source?

Thanks, any help is appreciated.

Gateway is Ignition 8.1.10.

After a lot of going in circles the roles do appear to be coming through from the failover source.
I believe my problem was that the identity provider was set to look at the Active directory, but the project itself was looking at the fallback user source under the project settings.