TPAM Admin permissions for AD Groups

Hi,

Can someone please advise if we can provide TPAM administrator access to AD-based groups rather than individually?

We have multiple teams who have so many members.

We would like to provide administrator access to the groups in the TPAM console.

Please advise if this is possible in the TPAM console. Thank you.

  • Hi,

    Yes this can be accomplished by setting up Auto Discovery of users from Active Directory. Here are the steps:

    Note: Auto Discovery requires a Domain Controller System to be added in TPAM (with Active Dir Platform) so that it can be selected as the source for AD Auto Discovery.

    - Add a user template with a user type of "Administrator" and configure any additional settings in the template that should apply to the imported AD user such as primary or secondary authentication.

    - Create an Auto Discovery for users and point the LDAP Mapping to the AD group; you can either search for the AD group or type the distinguished name.

    - Associate the User template created above to the Auto Discovery mapping.

    - This would essentially import the AD users from the AD group and add them to TPAM as Administrators as per the user template settings.

    - If the user already exists in TPAM then you may use the following configuration for collision strategy:

    > No Distinguished name mapping: Select Map to Existing.
    > Distinguished name mapping exists: No Action.
    > When a user mapped to a TPAM User is removed from the source: Here you can choose to (Disable User in TPAM or Leave user in TPAM but remove the mapping with AD Group).

    Please refer to the Administration Guide located here for further information on setting up Auto Discovery:

    support.oneidentity.com/.../technical-documents

    Thanks!
