I am trying to get associates access to a Perspective application using our Active Directory, which was added to the Identity Providers in Ignition. The problem is some people can log in and others can't. I am told we can add them as a user in Ignition, which will give them access, but I need to search the Identity provider and see whose login credentials were synced and whose were not. I can test it using 'test login' but I need their passwords, and this would take a long time.
How can I search the Identity provider or how can I get the Identity provider to sync everyone?
If you are using either an Active Directory or AD/Internal Hybrid user source, you cannot add users in Ignition. You will have to add them on the actual Active Directory.
You can see the list of users that Ignition is receiving from the Active Directory or AD/Internal Hybrid user source by clicking on More > Manage Users next to the user source itself in the gateway webpage. As far as I know, you cannot see which users are not being returned from the AD server.
It depends on the check-box "List Users from Active Directory".
If it is checked, then it may (not always) display the users that are found from the Active Directory LDAP query parameters that you have configured.
I recommend leaving it off because that is often a long list and is queried frequently, but it's a way to see if it's working.
Another check is on the gateway Config-->Security-->User Sources, click on the "Verify a User Source" link. Then you can test users' credentials and see the resulting roles for the user.
Also note, when using the Active Directory Hybrid model, you need to add at least one Role before you can add any users. With the AD Hybrid model, Active Directory is used to verify that a user/password combination is correct; after that, groups and permissions are based on the Roles and Users you add in Ignition.
Yes, we have used this method before, but it requires the associates' passwords. If we have a large number of people that we need to test, it becomes a problem getting all the people to come and test their login.
You should only need to test one user from each Active Directory group.
If it works for one member of a group it will work for every member of the group.
You’re testing the configuration of Ignition, not every Active Directory user account.
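The two checks discussed in this thread (comparing the Manage Users list against who should have access, and testing one user per Active Directory group) can be planned offline. The following is an added example, not code from the thread or from Ignition: it assumes you have a roster of usernames with their AD groups and the usernames copied from the Manage Users page; all names and data are constructed, and the helper functions are hypothetical.

```python
from collections import defaultdict

# Constructed sample data: expected users and their AD groups.
ROSTER = {
    "CORP\\asmith": ["Operators"],
    "bjones@corp.example": ["Operators", "Supervisors"],
    "cdiaz": ["Maintenance"],
    "dlee": ["Supervisors"],
}
# Constructed sample: usernames as shown under More > Manage Users.
LISTED = ["ASmith", "bjones", "dlee"]

def normalize(name):
    """Reduce DOMAIN\\user, user@domain and bare names to a lowercase account name."""
    name = name.strip()
    if "\\" in name:
        name = name.split("\\", 1)[1]
    if "@" in name:
        name = name.split("@", 1)[0]
    return name.lower()

def missing_users(roster, listed):
    """Roster accounts that do not appear in the user source listing."""
    seen = {normalize(u) for u in listed}
    return sorted(u for u in (normalize(r) for r in roster) if u not in seen)

def pick_test_accounts(roster):
    """Greedily choose a small set of users whose groups cover every AD group."""
    members = defaultdict(set)
    for user, groups in roster.items():
        members[normalize(user)].update(groups)
    uncovered = set().union(*members.values())
    picks = []
    while uncovered:
        # Sorted iteration keeps the choice deterministic when users tie.
        best = max(sorted(members), key=lambda u: len(members[u] & uncovered))
        picks.append(best)
        uncovered -= members[best]
    return picks

if __name__ == "__main__":
    print("Not returned by the user source:", missing_users(ROSTER, LISTED))
    print("Accounts to verify (one per group):", pick_test_accounts(ROSTER))
```

Only the picked accounts need to go through "Verify a User Source", so only those associates have to be present to enter their passwords.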