Map Domain Security Group users

You can map a domain security group to the ESET PROTECT Server and allow existing users (members of these domain security groups) to become ESET PROTECT Web Console users.


note

This feature is only available for systems with Active Directory.

To access the Mapped Domain Security Group Wizard, navigate to More > Users > Add New > New Mapped domain security group.

admin_map_group_domain_security

Basic

Domain group

Type a Name for the group. You can also type a group Description.

Click Select tags to assign tags.

Select Home Group. This is static group where all objects created by users from this domain group will be automatically contained.

Home Group is automatically detected based on the assigned permission sets of the currently active user.


example

Example scenario:

The currently active user account has the Write access right for Software Install Client Task and the user account Home Group is "Department_1". When the user creates a new Software Install Client Task, "Department_1" will be automatically selected as the client task Home Group.

If the pre-selected Home Group does not meet your expectations, you can select the Home Group manually.

This domain group will be defined by a Group SID (security identifier). Click Select to select a group from the list and then click OK to confirm. Your ESET PROTECT Server must be joined in the domain, otherwise there will be no groups in the list. If you are using Virtual Appliance, see the related chapter.


important

If LDAPS is not available, you can map domain security group by:

otemporarily deactivating Active Directory settings in More > Settings > Advanced Settings > Active Directory.

otyping the Group SID manually.

If you keep getting an error message after clicking Select and you have Active Directory set up correctly, the background process might be time outed. You can:

oType the SID manually to bypass the issue

oType your AD credentials to More > Settings > Advanced Settings > Active Directory. ESET PROTECT then uses a different, faster way to retrieve the list of SIDs.

Account

Enabled - Select this option unless you want the account to be inactive (if you intend to use it later).

Autologout (min) - This option defines the idle time period (in minutes), after which the user is logged out of Web Console.

Email contact and Phone contact can be defined to help identify the group.

Permission Sets

Assign competencies (rights) for the users from this group.


note

The permission sets are set for the Active Directory domain security group (instead of for individual users, as in the Native User case).

You can assign multiple permission sets to a domain security group.

You can select a pre-defined competence (listed below) or you can use a custom permission set.

Reviewer permission set - Read-only rights for the All group.

Administrator permission set - Full access to the All group.

Server assisted installation permission set - Minimum access rights required for server assisted installation.

ESET Inspect reviewer permission set - Minimum read-only access rights (for the All group) required for an ESET Inspect user.

ESET Inspect server permission set - Access rights (for the All group) required for ESET Inspect installation process and further automatic synchronization between ESET Inspect and ESET PROTECT.

ESET Inspect user permission set - Write access rights (for the All group) required for an ESET Inspect user.

Each permission set provides permissions only for objects contained in the Static Groups selected in the permission set.

Users without any permission set will not be able to log in to the Web Console.


warning

All pre-defined permission sets have the All group in the Static Groups section. Be aware of this when assigning it to a user. Users will have these permissions over all objects in ESET PROTECT.

Summary

Review the settings configured for this user and click Finish to create the group.

Users will appear in the Mapped Domain Security Groups after they first log in.