Managing LDAP user groups

You can view the table of LDAP user groups in the Users section on the Groups tab. Information about LDAP user groups is displayed in the following table columns:

• Name is the name of the LDAP user group.
• Tenant is the tenant to which the LDAP user group is assigned.
• Role is the role of the LDAP users.
• Type is the type of the user group. Kaspersky SD-WAN supports only LDAP user groups.

The actions you can perform with the table are described in the Managing solution component tables instructions.

Creating an LDAP user group

LDAP user group credentials are stored on the remote server. If you want users in the LDAP user group to be able to log in to the orchestrator web interface using their credentials, you must first create an LDAP connection that the orchestrator uses to connect to the remote server, and then create your LDAP users or LDAP user groups.

If the user is a member of multiple LDAP user groups on the remote server, we recommend creating only one of those LDAP user groups in the orchestrator web interface. If multiple LDAP user groups have been created in the orchestrator web interface, a user that is a member of all of these LDAP user groups logs in to the orchestrator web interface as a member of that LDAP user group which was created first.

To create an LDAP user group:

1. In the menu, go to the Users section.

   The user management page is displayed. The Users tab, which is selected by default, displays the table of users.

2. Select the Groups tab.

   A table of LDAP user groups is displayed.

3. Click + User group.
4. In the displayed settings area, in the Name field, enter the name of the LDAP user group on the remote server in the user@domain or domain\user format.
5. In the Role drop-down list, select the role of LDAP users in the group:
   • Administrator
   • Tenant
6. In the Permissions drop-down list, select the created access permission that you want to assign to the LDAP user group. By default, the LDAP user group gets the Full access permission, which grants full access to the orchestrator web interface.
7. If you want to enable two-factor authentication for the LDAP user group, select the Two-factor authentication check box. This check box is cleared by default. Users in the LDAP user group must complete two-factor authentication the next time they log in to the orchestrator web interface.

   When two-factor authentication is enabled for a group of LDAP users, authenticated LDAP users are displayed in the table of users. You can disable two-factor authentication for an LDAP user by editing the user.

   You cannot enable two-factor authentication for an LDAP user group if two-factor authentication is disabled for all users.

8. Click Create.

The LDAP user group is created and displayed in the table.

Editing an LDAP user group

You cannot change the type and name of the LDAP user group.

To edit a user group:

1. In the menu, go to the Users section.

   The user management page is displayed. The Users tab, which is selected by default, displays the table of users.

2. Select the Groups tab.

   A table of LDAP user groups is displayed.

3. Click the LDAP user group that you want to edit.
4. In the displayed settings area, edit the following LDAP user group settings, if necessary: For a description of the settings, see the instructions for creating a LDAP user group.
5. Click Save.

The LDAP user group is modified and updated in the table.

Deleting an LDAP user group

Deleted LDAP user groups cannot be restored.

To delete an LDAP user group:

1. In the menu, go to the Users section.

   The user management page is displayed. The Users tab, which is selected by default, displays the table of users.

2. Select the Groups tab.

   A table of LDAP user groups is displayed.

3. Click the LDAP user group that you want to delete.
4. In the upper part of the displayed settings area, click Management→ Delete.
5. In the confirmation window, click Delete.

The LDAP user group is deleted and is no longer displayed in the table.