BIG-IQ 6.0.1 and AD User Groups

Zuke_254875 · ‎27-Sep-2018

This is a PoC for BIG-IQ, so I'm playing around with the system.

I've set up AD as the Auth Provider, assigned a User Group for my team, and assigned Administrator Role. However when trying to authenticate, an error message says "User has no roles or group associations."

I can't authenticate with my AD credentials until I also add my AD username under the Users list.

This is different from my LTMs, which permits authentication based on a user's security group membership.

Do I have to add specific users for every account that needs access to the BIG-IQ?

Leonardo_Souza · ‎27-Sep-2018

Yes, seems like BIG-IP and BIG-IQ are different in relation to that.

BIG IP creates the user "Other External Users" that basically represents all user that you did not manually setup.

That does not exist in BIG-IQ, however, you can just setup a user group in BIG-IQ that matches a group in the AD.

Any user in the group, will have the access you setup in the BIG-IQ user group.

Ryan_ · ‎04-Apr-2022

Did you get this working? Having the same issue, have created the user group matching the AD group. But I cannot login unless I manually create the user aswell.

According to this lab it should work - https://clouddocs.f5.com/training/community/big-iq-cloud-edition/html/class4/module2/lab6.html

Ryan_ · ‎04-Apr-2022

So the issue turns out to be that nested groups are not supported.

DevCentral

BIG-IQ 6.0.1 and AD User Groups

Register For AppWorld 2024

DevCentral Podcasts