Instead of adding individual domain users, you can add domain groups to allow users to log in to vRealize Log Insight.
About this task
When you enable AD support in vRealize Log Insight, you configure a domain name and provide a binding user that belongs to the domain. vRealize Log Insight uses the binding user to verify the connection to the AD domain, and to verify the existence of AD users and groups.
The Active Directory groups that you add to vRealize Log Insight must either belong to the domain of the binding user, or to a domain that is trusted by the domain of the binding user.
An Active Directory user inherits roles that are assigned to any group the user belongs to in addition to the roles that are assigned to the individual user. For example, an Administrator can assign GroupA to the role of View Admin and assign the user Bob to the role of User. Bob can also be assigned to GroupA. When Bob logs in, he inherits the group role and has privileges for both the View Admin and User roles.
Verify that you are logged in to the vRealize Log Insight web user interface as a user with the Edit Admin permission. The URL format is https://log-insight-host, where log-insight-host is the IP address or host name of the vRealize Log Insight virtual appliance.
Verify that you configured AD support. See Enable User Authentication Through Active Directory.
- Click the configuration drop-down menu icon and select Administration.
- Under Management, click Access Control.
- Click Users and Groups.
- Under Directory Groups, click New Group.
- Click Active Directory in the Type drop-down menu.
The default domain name that you specified when you configured Active Directory support appears in the Domain text box. If you are adding groups from the default domain, do not modify the domain name.
- (Optional) If you want to add a group from a domain that trusts the default domain, type the name of the trusting domain in the Domain text box.
- Enter the name of the group that you want to add.
- From the Roles list on the right, select one or more predefined or custom user roles.
Users can access the full functionality of vRealize Log Insight. They can view log events, run queries to search and filter logs, import content packs into their own user space, add alert queries, and manage their own user accounts to change a password or email address. Users do not have access to the administration options, cannot share content with other users, cannot modify the accounts of other users, and cannot install a content pack from the Marketplace. However, they can import a content pack into their own user space, which is visible only to them.
Dashboard users can only use the Dashboards page of vRealize Log Insight.
View Only Admin
View Admin users can view Admin information, have full User access, and can edit Shared content.
Super Admin users can access the full functionality of vRealize Log Insight, can administer vRealize Log Insight, and can manage the accounts of all other users.
- Click Save.
vRealize Log Insight verifies whether the AD group exists in the domain that you specified or in a trusting domain. If the group cannot be found, a dialog box informs you that vRealize Log Insight cannot verify that group. You can save the group without verification or cancel to correct the group name.
Users that belong to the Active Directory group that you added can use their domain account to log in to vRealize Log Insight and have the same level of permissions as the group to which they belong.
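The role inheritance described under About this task, together with the option to save a group without verification, worked through as an access review. This is an added example, not VMware code: the data is constructed, the names `LogOps`, `alice` and `carol` are hypothetical, and treating View Admin and Super Admin as the roles worth reviewing is an assumption.

```python
# Added example: all data below is constructed, not exported from vRealize Log Insight.
ADMIN_ROLES = {"View Admin", "Super Admin"}  # assumption: roles worth reviewing

# Directory groups as configured under Access Control: assigned roles, plus
# whether the group name was verified against AD when it was saved.
GROUPS = {
    "GroupA": {"roles": {"View Admin"}, "verified": True},
    "LogOps": {"roles": {"Super Admin"}, "verified": False},  # hypothetical group
}
# Roles assigned directly to individual users.
USER_ROLES = {"bob": {"User"}, "alice": {"User"}, "carol": set()}
# AD group membership per user (constructed).
MEMBERSHIP = {"bob": {"GroupA"}, "alice": set(), "carol": {"GroupA", "LogOps"}}


def effective_roles(user):
    """Union of the user's own roles and the roles of every group they belong to."""
    roles = set(USER_ROLES.get(user, set()))
    for group in MEMBERSHIP.get(user, set()):
        roles |= GROUPS.get(group, {}).get("roles", set())
    return roles


def inherited_admin(user):
    """Map each admin-level role held only through groups to the granting groups."""
    direct = USER_ROLES.get(user, set())
    found = {}
    for group in sorted(MEMBERSHIP.get(user, set())):
        group_roles = GROUPS.get(group, {}).get("roles", set())
        for role in sorted((group_roles & ADMIN_ROLES) - direct):
            found.setdefault(role, []).append(group)
    return found


def unverified_groups():
    """Groups saved without AD verification; their names should be rechecked."""
    return sorted(name for name, cfg in GROUPS.items() if not cfg["verified"])


if __name__ == "__main__":
    for user in sorted(set(USER_ROLES) | set(MEMBERSHIP)):
        print(user, sorted(effective_roles(user)), inherited_admin(user))
    print("saved without verification:", unverified_groups())
```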