Forum Discussion

Zuke_254875's avatar
Zuke_254875
Icon for Altostratus rankAltostratus
Sep 27, 2018

BIG-IQ 6.0.1 and AD User Groups

This is a PoC for BIG-IQ, so I'm playing around with the system.

 

I've set up AD as the Auth Provider, assigned a User Group for my team, and assigned Administrator Role. However when trying to authenticate, an error message says "User has no roles or group associations."

 

I can't authenticate with my AD credentials until I also add my AD username under the Users list.

 

This is different from my LTMs, which permits authentication based on a user's security group membership.

 

Do I have to add specific users for every account that needs access to the BIG-IQ?

 

  • Ryan_'s avatar
    Ryan_
    Icon for Nimbostratus rankNimbostratus

    So the issue turns out to be that nested groups are not supported. 

  • Yes, seems like BIG-IP and BIG-IQ are different in relation to that.

     

    BIG IP creates the user "Other External Users" that basically represents all user that you did not manually setup.

     

    That does not exist in BIG-IQ, however, you can just setup a user group in BIG-IQ that matches a group in the AD.

     

    Any user in the group, will have the access you setup in the BIG-IQ user group.