You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/administration/active-directory-and-openldap-support.mdx
+83-12Lines changed: 83 additions & 12 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -1,29 +1,100 @@
1
1
---
2
-
title: "Active Directory and OpenLDAP Support"
2
+
title: "Multi-domain Active Directory and OpenLDAP Support"
3
3
sidebar_position: 1
4
4
---
5
5
6
-
## Multi-domain Active Directory and OpenLDAP Support
6
+
importThemedImagefrom'@theme/ThemedImage'
7
+
importuseBaseUrlfrom'@docusaurus/useBaseUrl'
7
8
8
-
Device42 can now be configured to work with multiple Active Directory (AD) servers. AD servers can be used for both Active Directorybased logins, as well as AD synchronization.
9
+
Device42 can now be configured to work with multiple Active Directory (AD) servers. AD servers can be used for both Active Directory-based logins and AD synchronization.
9
10
10
-
AD settings can be found and configured in *Tools > Settings > Active Directory Settings*, but are only accessible to D42 **super users**. Multiple Active Directory settings and/or up to one OpenLDAP server setting can be configured at a time to properly describe your environment. Each Active Directory setting can also specify multiple domains.
11
+
AD settings can be found and configured under **Tools > Settings > Active Directory Settings** and are only accessible to Device42 superusers. Multiple Active Directory settings and up to one OpenLDAP server setting can be configured at a time to properly describe your environment. Each Active Directory setting can also specify multiple domains.
11
12
12
-
13
+
## Add New Active Directory or OpenLDAP Settings
13
14
14
-
After entering Active Directory or LDAP settings, you can test your configuration with the *'Test Connection'* button on the view page. You will be prompted for credentials to initiate the test.
15
+
From the Active Directory/LDAP Settings list page, click **Create**.
15
16
16
-
If you have selected to utilize “DomainUsername” Username Login Style, then users are required to enter both the domain and username to login into Device42
25
+
Under **LDAP Type**, choose **Active Directory** or **Open LDAP**.
19
26
20
-
For the **Active Directory** type, choosing **Domain\Username** as your **Username login Style** reveals the **Get Referral NetBIOS** option, which returns usernames in the format `ReferralNetbios/Username`.
23
36
24
-
To add a single new Administrator user manually from Active Directory, simply visit the main menu, *"Tools -> Admins & Permissions -> Administrators"*. 
You are able to review the domain found for the user found prior to adding them, and **the new user will be added according to the currently configured "Username Login Style option"**: (previous section). 
45
+
If you select **Domain\Username** as your **Username login Style**, users will be required to enter both their domain and username to log in to Device42.
For the **Open LDAP** type, you can choose an **OpenLDAP group attribute** to identify group members. The available options are **memberUid**, **uniqueMember**, **members**, and **member**.
- You will be prompted to provide credentials for initiating the test. Leave the credentials blank to use the currently selected username and password.
Copy file name to clipboardExpand all lines: docs/administration/add-an-active-directory-user-as-a-device42-administrator.mdx
+23-10Lines changed: 23 additions & 10 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -3,24 +3,37 @@ title: "Add an Active Directory User as a Device42 Administrator"
3
3
sidebar_position: 3
4
4
---
5
5
6
-
Below are the steps to create the Device42 Active Directory settings and to add AD users as Administrators for device42. Please note that there are no Active directory credentials stored in the device42 application. You will need to enter valid domain user credentials each time before you can search for a user.
6
+
importThemedImagefrom'@theme/ThemedImage'
7
+
importuseBaseUrlfrom'@docusaurus/useBaseUrl'
7
8
8
-
## Process Overview Animation
9
+
You can create Active Directory (AD) settings in Device42 and use them to add AD users as administrators.
9
10
10
-
The following is an animation that overviews the process outlined below. If the animation does not open correctly, use this link: [Add Active Directory User](https://www.imgoat.com/uploads/9adc1e107f/206938.gif).
11
+
First, add your AD settings under **Tools > Settings > Active Directory Settings**. See the [Active Directory and OpenLDAP](active-directory-and-openldap-support.mdx) page for details.
11
12
12
-
13
+
Next, manually add an administrator user from the Active Directory domain you configured. Navigate to **Tools > Admins & Permissions > Administrators** and click **Create Active Directory Admin**.
Search for an ActiveDirectory user to add as an administrator. Device42 displays the AD domain associated with the user you searched for before you add them.
17
24
18
-
Go to **Tools > Settings > Active Directory Settings** and enter and save the settings for your domain. You can test these setting using the Test Active Directory Authentication section at the bottom of the AD settings page.
25
+
[The **Username login Style**option](active-directory-and-openldap-support.mdx#add-new-active-directory-or-openldap-settings) selected when the AD settings were added controls how Device42 formats and recognizes usernames during login (for example, as `Domain\Username` or `username@domain`).
35
+
Note that Active Directory credentials are not stored in the Device42 application. You need to enter valid domain user credentials each time you search for a user.
23
36
24
37
## Configuring the Active Directory User Discovery/sync Job
25
38
26
-
You may now configure an AD Sync Job to pull AD users in bulk and/or keep them synced. Proceed to[the Active Directory Discovery Job docs page](auto-discovery/active-directory-sync.mdx) to view the AD discovery process.
39
+
You can configure an AD Sync Job to pull in AD user data in bulk and/or keep them synced. See[the Active Directory Discovery Job docs page](auto-discovery/active-directory-sync.mdx) to view the AD discovery process.
Auto Clean rules help you manage old and possibly stale data in Device42, automatically. Should an object _(e.g. a device or an IP address)_ not be found by a subsequent autodiscovery job, or modified by a manual effort, it may be out of service. This is especially true of servers and other objects in public clouds, but can also apply to objects that are behind the corporate firewall.
9
+
Auto Clean rules help you manage old and possibly stale data in Device42, automatically. Should an object (like a device or an IP address) not be found by a subsequent autodiscovery job, or modified by a manual effort, it may be out of service. This is especially true of servers and other objects in public clouds, but can also apply to objects that are behind the corporate firewall.
9
10
10
11
The rules for when a particular type of object should be considered and the rules for what to do about such objects vary from organization to organization. This feature enables you to define your own rules and tell Device42 what actions should be taken.
11
12
12
13
Device42 includes several system-defined disabled Auto Clean rules (related to ADM data) as suggested examples you can use to base your own rules on. You can also enable these example rules to keep your ADM data cleaner.
13
14
14
-
Select **Tools > Auto Clean Rules** and then click **Add Auto Clean Rule** on the rules list page.
15
-
16
-
17
-
18
15
## Auto Clean Supported CIs
19
16
20
-
Auto Clean rules can target a wide variety of CIs _(Configuration Items)_ in Device42, including everything from Assets to users to VLANs, and everything in between. The following images list the objects supported as Auto Clean rule targets.
Navigate to **Tools > Templates & Bulk Operations > Auto Clean Rules** and then click **Create**.
62
+
63
+
The combination of object types and the search criteria you select for those object types defines the Auto Clean rule. As you build your search criteria, the **Preview** list shows the objects that the Auto Clean rule will be applied to.
Each rule specifies a type of object and provides a Modify Search function you use to define the specific objects you want to apply the rule to. The combination of object type and search criteria define the rule. The examples below show building a search for Device objects to apply a rule to.
75
+
- Select an **Object Type** for the rule to target – for example, **Devices**.
- For the Devices object type, for example, you could select **physical** under the **Type** dropdown. Click **More Filters** to display more basic dropdown filters to select values from.
58
88
59
-
You can also use the [Advanced Search](/getstarted/advanced-search-feature.mdx) feature (binocular button) to build a search criteria.
- You can also use the [Advanced Search](getstarted/advanced-search-feature.mdx) feature to include search criteria.
62
98
63
-
As you build your search criteria, the Preview list in the search panel shows the objects to which the Auto Clean rule will be applied to. Click _OK_ to apply the search.
- Click **Add** to apply the search for the object type. You can click the **pencil icon** again to add another device and define search criteria for it.
66
108
67
-
(Note that the system rule _Shared IPs maintenance_ uses a Number of Days option instead of the Modify Search option.)
The available Auto Clean Rule Action options vary depending on which _Object type_ you select for the rule. The example below shows the action options for device objects.
119
+
Select the actions to perform on CIs matching added object types and its criteria. The available Auto Clean Rule **Action** options vary depending on which **Object type** you select for the rule. The example below shows the action options for Device objects.
-**Archive and delete the data:** Create an archive record for the object and delete the object. You can find archived records under **Analytics > Archived Objects**.
133
+
-**Clear all IPs:** Remove IPs from the Device.
134
+
-**Clear all IPs for this subnet:** Clear all device IPs from the entered or selected subnet.
135
+
-**Clear all Connectivity:** Clear all connectivity to the device.
136
+
-**Change to not in service:** Set the device status as not in service.
-**Webhook AutoClean Endpoints:** Add or delete webhooks that will be sent when the rule is triggered.
84
158
85
159
:::info
86
160
The Auto Clean rules run once per day. If only an email or webhook is sent but no action is taken, the email or webhook will repeat each day until an action is taken that deletes or changes the object record.
0 commit comments