Skip to main content

Configure groups for Active Directory

As part of Active Directory configuration, you will need to configure groups.

Contrast doesn't perform Data Access Control using the integrated AD servers. In other words, roles and access to data within the application are handled by the application and Organization Administrators set user roles. However, there is an Access Control check when logging in or creating new users to ensure that the provided user belongs to the correct group in Active Directory (AD).


  1. ADConfigureGroups.png

    Use the groups that you created on your external AD server to assign users to one of the following Contrast groups.

    • SuperAdmin group: This group allows users to log in to the Super Administrator interface.

      Users in this group are authenticated and authorized the first time they log in to Contrast.

    • User group: This group allows users to be added to an organization and log in to the Contrast web interface. This group is appropriate for all other users.

      To let users log in, add them to the organization manually in the Contrast web interface.


    If you add a user to both groups in your AD instance, Contrast automatically adds them to the SuperAdmin group during configuration.

  2. Select Query for groups to enable a live search of existing groups as you begin to type within the input fields.


    To create users with AD authentication in Contrast while bypassing the Access Control check, execute the following query in the database.

    UPDATE teamserver_preferences SET property_value='true' WHERE property_name='directory.skip.user_existence.validation'