Friday, April 4, 2014

Set Up a Read-Only Active Directory Administrator in the Palo Alto

This document outlines how to create an Active Directory administrator account on the device that can log in and view reports and the ACC.

This document does not cover creating the LDAP, Kerberos, or RADIUS server profile, which you will need before starting.

Step 1: Create an authentication profile to allow the AD user to authenticate. This is done at Device > Authentication Profile. Click Add and, in the Allow List, remove All and add the users you want to give read-only permissions. Choose the Authentication type and the server profile that matches that authentication type. You should also change the Login Attribute to sAMAccountName.

Step 2: Go to Device > Admin Roles. Add a new role, disabling the features you don't want the user to have access to. For our example, only the ACC and the features in the Monitor tab are left enabled; everything else is disabled.

Step 3: Go to Device > Administrators and create a new administrator account that keys off the users defined in the authentication profile you created. Choose that authentication profile, then choose Role Based and the new admin role you created in the Profile section.

Step 4: Commit.

Step 5: Have the user log in with their Active Directory account.

Results: The user should now see limited actions and only a few tabs, in our case ACC and Monitor, at which point they can view any reports and information they wish without having the ability to make changes.
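As an added example (not from the original post), the following script audits an exported PAN-OS configuration for the three settings the steps above depend on: the allow list naming specific users instead of All, the login attribute being sAMAccountName, and the custom admin role enabling only the ACC and Monitor tabs. The XML element names and the sample config are assumptions modelled on PAN-OS exports; check them against your own configuration export before relying on the result.

```python
import xml.etree.ElementTree as ET

# Constructed sample of the relevant config fragments (assumed layout, not a real export).
SAMPLE_CONFIG = """<config>
 <shared>
  <authentication-profile><entry name="ad-readonly">
   <method><ldap><server-profile>corp-ldap</server-profile><login-attribute>sAMAccountName</login-attribute></ldap></method>
   <allow-list><member>jsmith</member></allow-list>
  </entry></authentication-profile>
  <admin-role><entry name="report-viewer"><role><webui>
   <acc>enable</acc><monitor>enable</monitor>
   <dashboard>disable</dashboard><policies>disable</policies><objects>disable</objects><network>disable</network>
   <device>disable</device><commit>disable</commit>
  </webui></role></entry></admin-role>
 </shared>
 <mgt-config><users><entry name="jsmith">
  <authentication-profile>ad-readonly</authentication-profile>
  <permissions><role-based><custom><profile>report-viewer</profile></custom></role-based></permissions>
 </entry></users></mgt-config>
</config>"""

ALLOWED_TABS = {"acc", "monitor"}  # the only web UI tabs the read-only role may enable

def audit_readonly_admin(config_xml: str, admin: str) -> list:
    """Return findings for one administrator; an empty list means it matches the recipe."""
    root = ET.fromstring(config_xml)
    user = root.find(f"./mgt-config/users/entry[@name='{admin}']")
    if user is None:
        return [f"administrator {admin} not found"]
    findings = []
    # Step 1: the profile must list specific users (not 'all') and log in by sAMAccountName.
    auth_name = user.findtext("authentication-profile")
    auth = root.find(f"./shared/authentication-profile/entry[@name='{auth_name}']")
    if auth is None:
        findings.append("no authentication profile assigned")
    else:
        members = [m.text for m in auth.findall("./allow-list/member")]
        if not members or "all" in members:
            findings.append("allow list still permits all users")
        if auth.findtext(".//login-attribute") != "sAMAccountName":
            findings.append("login attribute is not sAMAccountName")
    # Steps 2-3: the admin must be bound to a custom role with only ACC and Monitor enabled.
    role_name = user.findtext("./permissions/role-based/custom/profile")
    role = root.find(f"./shared/admin-role/entry[@name='{role_name}']")
    if role is None:
        findings.append("administrator is not bound to a custom admin role")
    else:
        for feature in role.find("./role/webui"):
            if feature.text == "enable" and feature.tag not in ALLOWED_TABS:
                findings.append(f"web UI feature '{feature.tag}' is enabled")
    return findings
```

Run it against your own export by reading the file into a string and passing the administrator name; any non-empty result is a deviation from the read-only setup.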
