Creating an LDAP user group

LDAP user group credentials are stored on the remote server. If you want users in the LDAP user group to be able to log in to the orchestrator web interface using their credentials, you must first create an LDAP connection that the orchestrator uses to connect to the remote server, and then create your LDAP users or LDAP user groups.

To create an LDAP user group:

1. In the menu, go to the Users section.

   The user management page is displayed. The Users tab, which is selected by default, displays the table of users.

2. Select the Groups tab.

   A table of LDAP user groups is displayed.

3. Click + User group.
4. In the displayed settings area, in the Name field, enter the name of the LDAP user group on the remote server in the user@domain or domain\user format.
5. In the Role drop-down list, select the role of LDAP users in the group:
   • Administrator
   • Tenant
6. If you want to assign an access permission to an LDAP user group, in the Permissions drop-down list, select the previously created access permission. By default, the LDAP user group gets the Full access permission, which grants full access to the orchestrator web interface.
7. If you want to enable two-factor authentication for the LDAP user group, select the Two-step authentication check box. This check box is cleared by default. Users in the LDAP user group must complete two-factor authentication the next time they log in to the orchestrator web interface.

   When two-factor authentication is enabled for a group of LDAP users, authenticated LDAP users are displayed in the table of users. You can disable two-factor authentication for an LDAP user by editing the user.

   You cannot enable two-factor authentication for an LDAP user group if two-factor authentication is disabled for all users.

8. Click Create.

The LDAP user group is created and displayed in the table.