Map Domain Security Group users

You can map a domain security group to the ESMC Server and allow existing users (members of these domain security groups) to become ESMC Web Console users.

note

Note

This feature is only available for systems with Active Directory. It cannot be used with LDAP.

To access the Mapped Domain Security Group Wizard, navigate to More > Users > Add New > New Mapped domain security group.

admin_map_group_domain_security

Basic

Domain group

Enter a Name for the group. You can also enter a group Description.

Click Select tags to assign tags.

Select Home Group. This is static group where all objects created by users from this domain group will be automatically contained.

This domain group will be defined by a Group SID (security identifier). Click Select to select a group from the list and then click OK to confirm. Your ESMC Server must be joined in the domain, otherwise there will be no groups in the list. If you are using Virtual Appliance, see the related chapter.

note

Note

If you keep getting an error message after clicking Select and you have AD set up well, the background process might be time outed. You can:

enter the SID manually to bypass the issue

enter your AD credentials to Server Settings > Advanced Settings > Active Directory. ESMC then uses a different, faster way to retrieve the list of SIDs.

Account

Enabled - Select this option unless you want the account to be inactive (if you intend to use it later).

Autologout (min) - This option defines the idle time period (in minutes), after which the user is logged out of Web Console.

Email contact and Phone contact can be defined to help identify the group.

Permission Sets

Assign competences (rights) for the users from this group.

note

Note

The permission sets are set for the Active Directory domain security group (instead of for individual users, as in the Native User case).

You can assign multiple permission sets to a domain security group.

You can select a pre-defined competence (listed below) or you can use a custom permission set.

Reviewer permission set - Read-only rights for the All group.

Administrator permission set - Full access to the All group.

Server assisted installation permission set - Minimum access rights required for server assisted installation.

Enterprise Inspector reviewer permission set - Minimum read-only access rights (for the All group) required for an ESET Enterprise Inspector user.

Enterprise Inspector server permission set - Access rights (for the All group) required for ESET Enterprise Inspector installation process and further automatic synchronization between ESET Enterprise Inspector and ESMC.

Enterprise Inspector user permission set - Write access rights (for the All group) required for an ESET Enterprise Inspector user.

Each permission set provides permissions only for objects contained in the Static Groups selected in the permission set.

Users without any permission set will not be able to log in to the Web Console.

warning

Warning

All pre-defined permission sets have the All group in the Static Groups section. Be aware of this when assigning it to a user. Users will have these permissions over all objects in ESMC.

Summary

Review the settings configured for this user and click Finish to create the group.

Users will appear in the Mapped Domain Security Groups after they first log in.