Access to Restricted Agents by Active Directory Groups

Document created by RSA Information Design and Development on Jun 13, 2017Last modified by RSA Information Design and Development on Jan 24, 2020
Version 13Show Document
  • View in full screen mode

Active Directory supports multiple types of groups. When configured to use Active Directory as an identity source, Authentication Manager supports only Universal groups.

When you select an Active Directory group for access on a restricted agent, make sure that you select a Universal group. If you use any other type of Active Directory group, the user may not be able to authenticate. When you view the Active Directory groups from the Security Console, the Security Console displays all groups, regardless of type.

The Security Console cannot display a user’s primary Active Directory user group, such as Domain Users. The group appears empty even though it has members.





We want your feedback! Tell us what you think of this page.