Assigning Roles to Directory Groups
You can assign AtScale roles to directory groups, so that you can grant roles to multiple users at a time.
About this task
When you are managing users by means of an external directory service, such as an LDAP server, the users are assigned to groups in that directory service. By mapping groups directly to roles, you can prevent a large amount of administrative overhead costs that would accrue from access for individual users.
Of course, it is still possible to grant roles to individual users who are being managed through directory groups. When those users log into AtScale, their account information is synchronized with AtScale's records. You can assign additional roles to individual users, overriding the assignment they were given because of their membership in a group. However, if their account information is changed in the external directory service, the overrides are removed and the role assignments revert to the roles assigned to the groups that the individual users are members of.
Before you begin
- Create or edit the roles that you want to assign
- Connect to an external directory service
- Ensure that your user ID is an administrator for your AtScale organization or is a super user.
Procedure
- Choose Security from the main navigation.
- Click Mappings.
- In the section Directory Group to Role Mappings, add the mappings that you need.