Administration Guides

Simple Setup AD Group based RBAC


Before You Start

Read the AD Group Name Requirements before starting.


Configuration Steps

  1. Steps should be followed exactly.
    1. NOTE: In this example the domain name is AD02 and must be upper case; use the screenshots as a reference. We suggest using our exact group names to create your first RBAC role.
  2. Create an AD group named superna-admins (make sure it is all lower case, and create it as a global security group).
  3. Add your user account to the group using the Users and Computers snap-in console.
  4. Create the role using the Eyeglass User Roles icon after logging in to Eyeglass as the admin user.
  5. Add the AD group with an upper case domain name (mandatory upper case) and a lower case group name (mandatory lower case); see the diagram below as a reference.
  6. Select the check boxes for the role functions or icons that should be assigned to the role, and make sure to click Save.
  7. Verify your cluster is ready for RBAC.
    1. The user view command will list the AD group.
    2. Run this command on your cluster: isi auth users view --user=user@domain --show-groups
    3. The AD group created above must be listed in the output of the isi command.
      1. WARNING: If the AD group is not listed in the output, the RBAC role will not work.
    4. The isi command above will also include the DNS domain property of the user and the SAM Account Name.
      1. The login name will be <sam account name>@<DNS Domain name>
      2. Example below:
        1. DNS Domain name = AD2.TEST
        2. SAM Account Name = demo1
        3. The additional groups must show the AD group AD02\superna-admins.
        4. The user name to enter at the proxy login would be demo1@ad2.test
  8. Log in with <sam account name>@<DNS Domain name>
  9. Follow the How to Login guide located here.
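The check in the "Verify your cluster is ready for RBAC" step can be scripted. The following is an added example, not Superna or Dell code: `check_rbac_group` is a hypothetical helper, the sample output is constructed, and the "Key: value" layout with comma-separated additional groups is an assumption about the `isi` output.

```shell
# Constructed, trimmed sample of `isi auth users view ... --show-groups` output.
# The "Key: value" layout is an assumption of this example.
SAMPLE_OUTPUT='              Name: AD02\demo1
        DNS Domain: AD2.TEST
  Sam Account Name: demo1
     Primary Group
                ID: GID:1000000
              Name: AD02\domain users
 Additional Groups: AD02\superna-admins, AD02\storage-ops'

# check_rbac_group 'DOMAIN\group' < isi-output   (hypothetical helper)
# Prints the login name and returns 0 when the group is listed for the user;
# returns 2 for a badly formed group name, 1 when the group is not listed.
check_rbac_group() {
    expected=$1
    case $expected in
        *\\*) ;;
        *) printf '%s\n' 'group must be written DOMAIN\group' >&2; return 2 ;;
    esac
    domain=${expected%%\\*}
    group=${expected#*\\}
    # Naming rule from the guide: upper case domain, lower case group.
    upper=$(printf '%s' "$domain" | tr '[:lower:]' '[:upper:]')
    lower=$(printf '%s' "$group" | tr '[:upper:]' '[:lower:]')
    if [ "$domain" != "$upper" ] || [ "$group" != "$lower" ]; then
        printf '%s\n' 'domain must be upper case and group lower case' >&2
        return 2
    fi
    # The group is passed through the environment so awk does not treat the
    # backslash as an escape. The match is exact, including case.
    login=$(EXPECTED=$expected awk '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        {
            i = index($0, ":")
            if (i == 0) next
            key = trim(substr($0, 1, i - 1))
            val = trim(substr($0, i + 1))
            if (key == "DNS Domain") dns = val
            else if (key == "Sam Account Name") sam = val
            else if (key == "Additional Groups") {
                n = split(val, g, ",")
                for (j = 1; j <= n; j++) if (trim(g[j]) == ENVIRON["EXPECTED"]) found = 1
            }
        }
        END { if (!found || sam == "" || dns == "") exit 1; print sam "@" tolower(dns) }
    ') || { printf '%s\n' "group not listed for this user: $expected" >&2; return 1; }
    printf '%s\n' "$login"    # lower-cased DNS domain, as in the guide's example
}
printf '%s\n' "$SAMPLE_OUTPUT" | check_rbac_group 'AD02\superna-admins'
```

On a cluster, pipe the real command output into the function instead of the sample and pass the group exactly as it was entered in the Eyeglass role.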
© Superna LLC