You can allow active directory users (AD) to log in to Log Insight by using their domain credentials.

When you enable AD support in Log Insight, you configure a domain name and provide a binding user that belongs to the domain. Log Insight uses the binding user to verify the connection to the AD domain, and to verify the existence of AD users and groups.

The AD users that you add to Log Insight must either belong to the domain of the binding user, or to a domain that trusts the domain of the binding user.

Verify that you are logged in to the Log Insight Web user interface as an Admin user. The URL format is https://log-insight-host, where log-insight-host is the IP address or host name of the Log Insight virtual appliance.

Verify that you configured the AD support. See Enable User Authentication Through Active Directory.

1

Click the configuration drop-down menu icon and select Administration.

2

Under Management, click Users.

3

Click New User.

4

From the Authentication Method drop-down menu, select Active Directory.

The default domain name that you specified when you configured AD support appears in the Domain text box. If you are adding users from the default domain, do not modify the domain name.

5

(Optional) If you want to add a user from a domain that trusts the default domain, type the name of the trusting domain in the Domain text box.

6

Type the name of a domain user.

7

From the Role drop-down menu, select the user role.

Option

Description

Normal User

Normal users can access the full functionality of Log Insight to view log events, run queries to search and filter logs, import content packs into their own user space, add alert queries, and manage their own user accounts to change their password or email address. Normal users do not have access to the administration options, cannot share content with other users, and cannot modify the accounts of other users, and cannot install a content pack as a content pack.

Admin

Admin users can access the full functionality of Log Insight, can administer Log Insight, and can manage the accounts of all other users.

8

Click Save.

Log Insight verifies whether the user exists in the domain that you specified or in its trusted domains. If the user does not exist, a dialog box informs you that Log Insight cannot verify that user. You can save the user without verification or cancel and correct the user name.

AD users that you add can use their domain credentials to log in to Log Insight.