Technical Forum
Ask questions. Discover Answers.
cancel
Showing results for 
Search instead for 
Did you mean: 

BIG-IQ 6.0.1 and AD User Groups

Zuke_254875
Altostratus
Altostratus

This is a PoC for BIG-IQ, so I'm playing around with the system.

 

I've set up AD as the Auth Provider, assigned a User Group for my team, and assigned Administrator Role. However when trying to authenticate, an error message says "User has no roles or group associations."

 

I can't authenticate with my AD credentials until I also add my AD username under the Users list.

 

This is different from my LTMs, which permits authentication based on a user's security group membership.

 

Do I have to add specific users for every account that needs access to the BIG-IQ?

 

3 REPLIES 3

Leonardo_Souza
Cirrocumulus
Cirrocumulus

Yes, seems like BIG-IP and BIG-IQ are different in relation to that.

 

BIG IP creates the user "Other External Users" that basically represents all user that you did not manually setup.

 

That does not exist in BIG-IQ, however, you can just setup a user group in BIG-IQ that matches a group in the AD.

 

Any user in the group, will have the access you setup in the BIG-IQ user group.

 

Ryan_
Nimbostratus
Nimbostratus

Did you get this working? Having the same issue, have created the user group matching the AD group. But I cannot login unless I manually create the user aswell.

According to this lab it should work - https://clouddocs.f5.com/training/community/big-iq-cloud-edition/html/class4/module2/lab6.html

Ryan_
Nimbostratus
Nimbostratus

So the issue turns out to be that nested groups are not supported.