Giving Administrator rights to AD / internal hybrid user source users

I have created an AD [Active Directory] / Internal Hybrid user source. It is working properly for client access control.

I wish to authenticate admin users in the same manner. How do I do this? (We nearly locked ourselves out by selecting Config | System - Gateway Settings | System User Source | AD internal hybrid. Fortunately we still had a browser logged in as admin.)

What’s the trick?

Related post: Possible to lock self out of gateway configuration.

Soft fallback to the internal user source.

Cool, and thank you for the quick reply. That should get me back in using “admin”.

Now how do I give myself admin rights when I log in as myself using the AD / internal hybrid authentication?

Pretty sure, just give admin a role with the exact same name as your administrator role in the AD/Internal user source.

Thank you Phil and Paul.

For anyone else looking for a little more detail:

For safety I recommend that you open a different browser (which doesn’t know what the other one is doing - a private window might do the trick) and log in as admin. This way if you lock yourself out on the other browser you’re still in as admin on this one.

Set your user source.

  1. Get your AD user source set up and verify it with the user source test. It’s a good idea to have a couple of username passwords that you can use so that yocan test various access levels.
  2. Go to: Config | System - Gateway Settings | System User Source | AD internal hybrid.
  3. On that page, Gateway Config Role(s): Administrator. (This is the default.)
  4. Then Status Page Role(s): Administrator. (This is the default.)
  5. Save.

Now we need to add the Administrator role to our AD / internal hybrid user source.

  1. Go to *Config | Security - Users, Roles | AD internal hybrid - Manage users.
  2. On the Roles tab add a role Administrator exactly as set in step 3.
  3. On the User tab select the user to be assigned Administrator rights. Edit and check the Administrator role.

You can now sign out as admin and try signing in as the AD user that you have just set up.