Map Domain Security Group users
You can map a domain security group to the ESET PROTECT Server and allow existing users (members of these domain security groups) to become ESET PROTECT Web Console users.
This feature is only available for systems with Active Directory. |
To access the Mapped Domain Security Group Wizard, navigate to More > Users > Add New > New Mapped domain security group.
Basic
Domain group
Type a Name for the group. You can also type a group Description.
Click Select tags to assign tags.
Select Home Group. This is static group where all objects created by users from this domain group will be automatically contained.
Home Group is automatically detected based on the assigned permission sets of the currently active user.
Example scenario: The currently active user account has the Write access right for Software Install Client Task and the user account Home Group is "Department_1". When the user creates a new Software Install Client Task, "Department_1" will be automatically selected as the client task Home Group. |
If the pre-selected Home Group does not meet your expectations, you can select the Home Group manually.
This domain group will be defined by a Group SID (security identifier). Click Select to select a group from the list and then click OK to confirm. Your ESET PROTECT Server must be joined in the domain, otherwise there will be no groups in the list. If you are using Virtual Appliance, see the related chapter.
•If LDAPS is not available, you can map domain security group by: otemporarily deactivating Active Directory settings in More > Settings > Advanced Settings > Active Directory. otyping the Group SID manually. •If you keep getting an error message after clicking Select and you have Active Directory set up correctly, the background process might be time outed. You can: oType the SID manually to bypass the issue oType your AD credentials to More > Settings > Advanced Settings > Active Directory. ESET PROTECT On-Prem then uses a different, faster way to retrieve the list of SIDs. |
Account
Enabled - Select this option unless you want the account to be inactive (if you intend to use it later).
Autologout (min) - This option defines the idle time period (in minutes), after which the user is logged out of Web Console.
Email contact and Phone contact can be defined to help identify the group.
Permission Sets
Assign competencies (rights) for the users from this group.
The permission sets are set for the Active Directory domain security group (instead of for individual users, as in the Native User case). |
You can assign multiple permission sets to a domain security group.
You can select a pre-defined competence (listed below) or you can use a custom permission set.
•Reviewer permission set - Read-only rights for the All group.
•Administrator permission set - Full access to the All group.
•Server assisted installation permission set - Minimum access rights required for server assisted installation.
•ESET Inspect reviewer permission set - Minimum read-only access rights (for the All group) required for an ESET Inspect On-Prem user.
•ESET Inspect server permission set - Access rights (for the All group) required for ESET Inspect On-Prem installation process and further automatic synchronization between ESET Inspect On-Prem and ESET PROTECT On-Prem.
•ESET Inspect user permission set - Write access rights (for the All group) required for an ESET Inspect On-Prem user.
Each permission set provides permissions only for objects contained in the Static Groups selected in the permission set.
Users without any permission set will not be able to log in to the Web Console.
All pre-defined permission sets have the All group in the Static Groups section. Be aware of this when assigning it to a user. Users will have these permissions over all objects in ESET PROTECT On-Prem. |
Summary
Review the settings configured for this user and click Finish to create the group.
Users will appear in the Mapped Domain Security Groups after they first log in.