To use Active Directory credentials to log in to the Carbon Black App Control Console, you enable the usage of AD-based logins.

Use this procedure to enable the usage of AD-based logins in the console.
Important: You can disable AD-based Logins in the console by choosing the Disabled value. However, if you disable this access, users will no longer be able to use their AD account names and passwords to access the console.

Procedure

  1. For each AD user account that you want to give console access, make sure you have assigned the account to a mapped AD security group.
  2. Log in to the console as admin or any other administrator account you have created.
  3. In the console menu, click on the configuration (gear) icon and choose System Configuration.

    The System Configuration page opens.

  4. On the System Configuration page, click the General tab. Initially, the settings on this page are grayed out.
    The system configuration settings for Active Directory/LDAP integration
  5. Examine the Active Directory/LDAP integration box. If AD-based logins already shows as Enabled, you do not have to make any changes and you can skip the remaining steps.
  6. If AD-based logins shows a value of Disabled, click the Edit button at the bottom of the page to make the settings editable.
  7. In the dropdown menu for AD-based Logins, choose Enabled.
    • If you are using Windows 2000 domain controllers, check the Windows 2000 DCs box. This notifies the Carbon Black App Control Server that cross-domain membership features are not available.
    • If you created the AD Security Groups for Carbon Black App Control in a domain other than the login domain for the users who will log in to the console, enter that domain in the AD security domain field. (This feature is not available if you are using Windows 2000 domain controllers).
  8. In the Search Level dropdown menu, select Global Catalog for the AD browser to search all domains, or select LDAP for a restricted search.
  9. Click the Update button, and when the Confirmation dialog appears, click Yes. You can now use Active Directory login accounts (if from one of the mapped groups) to access the console.