Configure groups for Active Directory

As part of Active Directory configuration, you will need to configure groups.

Contrast doesn't perform Data Access Control using the integrated AD servers. In other words, roles and access to data within the application are handled by the application, and user roles are set by the Organization Administrators. However, there is an Access Control check when logging in or creating new users to ensure that the provided user belongs to the correct group in AD.

To configure groups:

  1. UUID-b67db7bd-6c2b-12f5-e658-292ad87e7b3f.png

    Use the groups that you created on your external AD server, to assign users to one of the following Contrast groups.

    • SuperAdmin group: This group allows users to log in to the Super Administrator interface.

    • User group: This group allows users to be added to an organization and log in to the standard user interface. This group is appropriate for all other users.

    Note

    If you add a user to both groups in your AD instance, Contrast will automatically add them to the SuperAdmin group during configuration.

  2. Select Query for groups to enable a live search of existing groups as you begin to type within the input fields.

    Note

    To create users with AD authentication in Contrast while bypassing the Access Control check, execute the following query in the database.

    UPDATE teamserver_preferences SET property_value='true' WHERE property_name='directory.skip.user_existence.validation'
In this section: