Instead of adding individual domain users, you can add domain groups to allow users to log in to Log Insight.

When you enable AD support in Log Insight, you configure a domain name and provide a binding user that belongs to the domain. Log Insight uses the binding user to verify the connection to the AD domain, and to verify the existence of AD users and groups.

The AD groups that you add to Log Insight must either belong to the domain of the binding user, or to a domain that is trusted by the domain of the binding user.

Verify that you are logged in to the Log Insight Web user interface as an Admin user. The URL format is https://log-insight-host, where log-insight-host is the IP address or host name of the Log Insight virtual appliance.

Verify that you configured the AD support. See Enable User Authentication Through Active Directory.

1

Click the configuration drop-down menu icon and select Administration.

2

Under Management, click Users.

3

Under Active Directory Groups, click New Group.

The default domain name that you specified when you configured AD support appears in the Domain text box. If you are adding groups from the default domain, do not modify the domain name.

4

(Optional) If you want to add a group from a domain that trusts the default domain, type the name of the trusting domain in the Domain text box.

5

Type the name of the AD group that you want to add.

6

From the Role drop-down menu, select the user role.

Option

Description

Normal User

Normal users can access the full functionality of Log Insight to view log events, run queries to search and filter logs, import content packs into their own user space, add alert queries, and manage their own user accounts to change their password or email address. Normal users do not have access to the administration options, cannot share content with other users, and cannot modify the accounts of other users, and cannot install a content pack as a content pack.

Admin

Admin users can access the full functionality of Log Insight, can administer Log Insight, and can manage the accounts of all other users.

7

Click Save.

Log Insight verifies whether the AD group exists in the domain that you specified or in a trusting domain. If the group cannot be found, a dialog box informs you that Log Insight cannot verify that group. You can save the group without verification or cancel to correct the group name.

Users that belong to the AD group that you added can use their domain account to log in to Log Insight and have the same level of permissions as the group to which they belong.