I’ve set up Authentication of Users through an AD/Internal Hybrid. I’d like to switch to a full Active Directory User Source and control the roles and assignments in the AD.
I see how to set up the connection: https://docs.inductiveautomation.com/display/DOC80/Active+Directory+Authentication
I do not see how to configure the AD side to be useful in the Roles management… What am I missing?
Roles are whatever AD groups you have. They can’t be managed through Ignition.
So my three hundred or so groups in the AD all become assignable roles? How does Ignition know? Does it look in the AD for a group of objects under a specifically named group?
It depends how high in the AD subtree you go. If it's at the top, then all groups become assignable roles. All users become potential users.
The User Search Base and Role Search Base settings define where in the subtree to start (They're in the advanced settings)