Hello. We are currently testing the setup of Ignition on our network and we just managed to get Active Directory as a User Source setup on our Ignition using LDAPS. I can see the AD Users and Roles showing up on Ignition now but my question now is, how do we actually login to Ignition via our AD Users?
I've already specified the User Search Base and Role Search Base filters on advanced settings and i'm seeing the correct users and roles i want, but i don't see any way to allow them to login to Ignition using their account. how do i actually tell Ignition to allow anyone with X role to login to Ignition with the permissions i would like? Feel like i'm missing an obvious step, haha
Thanks so much for your help with this. Kind regards,
No, you can use AD integration for gateway login too. As per my previous post, use the AD Ignition Hybrid and create an Administrator role in that spelt exactly the same as "Administrator" in the default database. Anyone assigned that role can log in as an administrator using their AD credentials and you can keep the default Administrator password secret for emergencies or when the AD connection breaks.
I guess for our purposes, is there any way to use our existing Active Directory user source to get the AD users we want logging into the Gateway directly? or is it necessary to create a separate AD Ignition Hybrid user source for this to work?
Our end goal is to allow Users from AD who are in a specific AD group access to login to the Gateway directly without having to rely on local user accounts that are on Ignition. Hope this helps! Thanks!
Not in front of an AD system right now, but if I recall correctly you'll need to have to set up security levels, then use security level rules on the IdP to essentially "map" over the AD groups to security levels, then use those security levels in the gateway general security settings. It may also be possible to use roles/groups directly, but I'd have to test it to verify if you can use Authenticated/Roles/ directly without security levels.