On first hand, i have created a group called USER, with management role = User
and I want all my users be in that Group.
On an other hand, I have configure LDAP authentication. It works fine.
==> Each time a new user connects, it is created and appears on one new line in the "Users Accounts" tab in Settings / dynaTrace Server ... / Users.
Presently, when a new LDAP user connects for the first time, its account is created but none GROUP is affected : Only "-" appears in its Groups cell, on its line.
I would like it would be affected automatically to my USER group.
How to get this operate ... if this is possible ?
Thanks in advance
I have search in the online doc how to configure LDAP Authentication.
To make it operate correctly, I have appended in the dtserver.ini the 2 following lines :
Solved! Go to Solution.
Sorry, this is not possible.
There are confidential data.
rmk : Ldap is not the Pb : Authentication is working fine.
Users are added correctly. What i want is just they could be added in my existing USERS dT group ... by default. but presently they are not and any new user is affected to NONE group.
You have to create same group in dynaTrace server "Groups" as the following .
1- Groups --> Create
2- select group by press "Select LDAP Group" , it should marked as "LDAP Group" automatically .
3- grants system profiles and dashboard for this group as you want .
i hope this information solved your issue
as Abdel stated, your users must belong to an existing LDAP/AD group for them to be automatically a member of that group in Dynatrace.
So you'll have to find (or set) in LDAP/AD a default group that all your users belong to.
Then, you'll have to specify that group in Dynatrace and give it the same rights as the internal "Users" group (as stated by Abdel)
There was no real change on the LDAP side of the house. Abdels's and Laurent's answers are still the way how to achieve that.
What's new and might be a smart way of central user management is our new SSO support based on SAML 2, which allows you to use our own IdP for identification.
This feature is in beta (fully supported, but no UI) in our current version AppMon 2017 May and will be completely done in our upcoming release, where the EAP start end of October.
Here is the link how to configure it.
But also with this approach, you would need to grant permissions based on groups. The identification provider (= your IdP) must send a group name which has a matching group on the AppMon Server side. The user permissions are then based on that matching group.
Hope this helps.