Forum Discussion
Zuke_254875
Altostratus
AltostratusBIG-IQ 6.0.1 and AD User Groups
This is a PoC for BIG-IQ, so I'm playing around with the system.
I've set up AD as the Auth Provider, assigned a User Group for my team, and assigned Administrator Role. However when trying to authenticate, an error message says "User has no roles or group associations."
I can't authenticate with my AD credentials until I also add my AD username under the Users list.
This is different from my LTMs, which permits authentication based on a user's security group membership.
Do I have to add specific users for every account that needs access to the BIG-IQ?
Ryan_Nimbostratus
So the issue turns out to be that nested groups are not supported.
- Ryan_
Did you get this working? Having the same issue, have created the user group matching the AD group. But I cannot login unless I manually create the user aswell.
According to this lab it should work - https://clouddocs.f5.com/training/community/big-iq-cloud-edition/html/class4/module2/lab6.html
Leonardo_SouzaCirrocumulus
Yes, seems like BIG-IP and BIG-IQ are different in relation to that.
BIG IP creates the user "Other External Users" that basically represents all user that you did not manually setup.
That does not exist in BIG-IQ, however, you can just setup a user group in BIG-IQ that matches a group in the AD.
Any user in the group, will have the access you setup in the BIG-IQ user group.