Configure Operator Roles using AD Groups

From version 6.2, vSEC:CMS can assign operator roles to operators based on their AD group memberships. This article describes how to configure this.


An operator is a person who has been issued a credential token and assigned roles as described in the articles Configure Operator Credential and Operator Roles. The roles assigned there are referred to as static roles. You can check which roles have been assigned to an operator from Options - Operators; the example below shows the static roles that have been assigned.

As an example, the operator above (Mike Murphy) has the static roles Restricted, Elevated and Normal. We want to give operators who are members of a particular AD group (vSEC-CMS System Administrator in this example) an additional role of System Administrator.

In AD, add the operator in question as a member of this group.

Navigate to Options - Roles and click the Manage AD/Groups(s) button. The Role drop-down box lists all available roles. Select the role you wish to assign (System Administrator in this example), select the AD connection you want to use and click the Select Group button.

Select the AD group you want to use and click Ok.

A current limitation is that only one AD group can be assigned to a role.

The selected AD group will then be displayed.

Click the Test button to perform an actual test. Click Get DN and select the operator from AD (Mike Murphy in this example), select the role from the Role drop-down list and click Test. You should get a success dialog if everything is configured correctly.

Click Save to save and close the configuration.

Then go back to Options - Operators and select the operator being tested. Click the Edit button and you will see that the role of System Administrator is now also assigned to the operator.

Now when the operator in this example logs on to vSEC:CMS, they will have the additional role of System Administrator.
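
Since any operator who is a member of the mapped AD group gains the System Administrator role, it is worth reviewing who is in that group. The PowerShell below is an added example, not part of the original article or of vSEC:CMS; it assumes the ActiveDirectory module, a single domain, and a hypothetical account name `mmurphy` for Mike Murphy. The article does not say whether nested group membership is honoured, so nested members are reported separately.

```powershell
# Added example: review membership of the AD group mapped to a vSEC:CMS role.
# Requires the ActiveDirectory module (RSAT) and read access to the directory.
Import-Module ActiveDirectory

$GroupName   = 'vSEC-CMS System Administrator'  # group name from the article
$OperatorSam = 'mmurphy'                         # hypothetical sAMAccountName (assumption)

# A group name is only unique per container, so insist on exactly one match.
$group = @(Get-ADGroup -Filter "Name -eq '$GroupName'")
if ($group.Count -ne 1) {
    throw "Expected exactly one AD group named '$GroupName', found $($group.Count)."
}
$group = $group[0]

# Direct members (users and groups) versus every leaf member reached via nesting.
$directDns = @(Get-ADGroupMember -Identity $group | ForEach-Object DistinguishedName)
$allLeaf   = @(Get-ADGroupMember -Identity $group -Recursive)

# Build one row per user account; Enabled shows whether the account can still log on.
$report = @($allLeaf | Where-Object objectClass -eq 'user' | ForEach-Object {
    $u = Get-ADUser -Identity $_.DistinguishedName
    [pscustomobject]@{
        Name           = $u.Name
        SamAccountName = $u.SamAccountName
        Enabled        = $u.Enabled
        Membership     = if ($directDns -contains $u.DistinguishedName) { 'direct' } else { 'nested' }
    }
})

$report | Sort-Object Membership, Name | Format-Table -AutoSize

# Confirm the operator under test is in the group before running the Test dialog.
$row = $report | Where-Object SamAccountName -eq $OperatorSam
if (-not $row) {
    Write-Warning "$OperatorSam is not a member of '$GroupName' (direct or nested)."
} elseif ($row.Membership -eq 'nested') {
    Write-Warning "$OperatorSam is only a nested member; confirm vSEC:CMS resolves nested groups."
} else {
    Write-Output "$OperatorSam is a direct member of '$GroupName'."
}
```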