Use the Administration Console's role-based access control to determine who has administrative access to your environment. The system provides two predefined roles that you can assign to your Active Directory groups.

About this task

Roles and their associated rights determine which management actions a user can perform using the Administration Console. The system provides two predefined roles. You must assign a role to your organization's appropriate Active Directory groups before the users in that group can log in to the Administration Console and access management actions.

Two predefined roles are provided by default: a super administrator role and a demo administrator role. The predefined roles cannot be modified.

Table 1. Horizon Cloud Role-Based Access Control Groups

Role

Description

Super Administrator

A mandatory role that you must assign to at least one group in your Active Directory domain and optionally to others. This role grants all the permissions to perform management actions in the Administration Console.

Demo Administrator

A read-only role that you can optionally assign to one or more groups. Demo administrators can view the settings and select options to see additional choices in the console, but the selections do not change the configuration settings.

Note:

To enable access to the Administration Console for users connecting from outside your corporate network, configure Unified Access Gateway. See the deploying and configuration information for Unified Access Gateway, available at the Unified Access Gateway product documentation page.

When using Microsoft Azure cloud capacity, if the node was deployed with the Internet access toggle set to Yes, Unified Access Gateway is already deployed.

Procedure

In the Administration Console, assign a role to Active Directory groups using one of the following methods.

Option

Description

From the Roles & Permissions section of the Getting Started wizard

  1. Click Edit.

  2. Select one of the predefined roles.

  3. Use the search box to search for and select an Active Directory group.

  4. Click Save.

By navigating to Settings > Roles & Permissions

  1. Select one of the predefined roles and click Edit.

  2. Use the search box to search for and select an Active Directory group.

    The group is added to the set of selected groups.

  3. Click Save.

To remove the role from a group, click the X displayed on that group in the Selected User Group section.