Map Group to Domain Security Group

You can map a domain security group to the ESMC Server and allow existing users (members of these domain security groups) to become ESMC Web Console users.



This feature is only available for systems with Active Directory. It cannot be used with LDAP.

To access the Mapped Domain Security Group Wizard, navigate to More > Users > Mapped domain security groups > New, or simply click New when the mapped domain security group is selected in the tree.



Domain group

Enter a Name for the group. You can also enter a group Description.

Click Select tags to assign tags.

Select Home Group. This is static group where all objects created by users from this domain group will be automatically contained.

This domain group will be defined by a Group SID (security identifier). Click Select to select a group from the list and then click OK to confirm. Your ESMC Server must be joined in the domain, otherwise there will be no groups in the list. If you are using Virtual Appliance, see the related chapter.



If you keep getting an error message after clicking Select and you have AD set up well, the background process might be time outed. You can:

enter the SID manually to bypass the issue

enter your AD credentials to Server Settings > Advanced Settings > Active Directory. ESMC then uses a different, faster way to retrieve the list of SIDs.


Enabled - Select this option unless you want the account to be inactive (if you intend to use it later).

Autologout (min) - This option defines the idle time period (in minutes), after which the user is logged out of Web Console.

Email contact and Phone contact can be defined to help identify the group.

Permission Sets

Assign competences (rights) for the users from this group.

A user can be assigned multiple permission sets. You can select a pre-defined competence (listed below) or you can use a custom permission set.

Reviewer permission set - Read-only rights for the All group.

Administrator permission set - Full access to the All group.

Server assisted installation permission set - Minimum access rights required for server assisted installation.

Each permission set provides permissions only for objects contained in the Static Groups selected in the permission set. Users without any permission set will not be able to log in to the Web Console.



All pre-defined permission sets have the All group in the Static Groups section. Be aware of this when assigning it to a user. Users will have these permissions over all objects in ESMC.


Review the settings configured for this user and click Finish to create the group.

Users will appear in the Domain Users tab after they first log in.