
SIEM Foundations: Connect to AD for Login Authentication

ESM can create and manage local accounts to handle authentication and permissions in the UI.  In many environments, however, it's most convenient for users to authenticate to the ESM with their existing login credentials rather than create a new set of local credentials.  This spares users from remembering another set of credentials, and removes the need to provision and manage accounts in the ESM.  McAfee ESM supports authentication via a number of different enterprise authentication sources.  The one most commonly used is Active Directory.  In this walkthrough we'll outline the process to connect your SIEM to AD for login authentication.

To enable AD Login Authentication:

  1. Identify or create an AD group that you would like to use to control access to the SIEM.  Ensure all users that you would like to have access to ESM are members of the designated AD group.
  2. Create an ESM group. Log into ESM as the NGCP user.  Open the Users and Groups management screen in ESM (System Properties/Users and Groups). Create a new User Group in ESM with the exact same name as the designated group in AD.
  3. Enable your desired set of permissions for your users within the ESM User Group you have created.  Pay special attention to Privileges and Devices tabs.  For initial testing, you might choose to be fairly liberal with your permissions here.  Feel free to repeat steps 1-3 for additional groups, if you have multiple groups (perhaps with different permissions) that you’d like to enable.  You can always add additional groups in the future if desired.
  4. Enable AD authentication.  Select System Properties/Login Security.  In this tab, click Add to create the definition for your Domain Controller.  Enter your Domain Name, and click Add to enter AD address information:
    Apply changes and then close the AD dialog.
  5. Test authentication.  Open the web interface to ESM in another browser window.  Authenticate with your Microsoft Windows domain credentials (in a simple one-AD configuration like we have, there is no need to provide the domain name).  You should find that you are transparently authenticated to ESM, with the proper permissions associated with your group.  If you examine the list of users in System Properties/Users and Groups, you should find that a new user account was transparently provisioned in the ESM, with the proper group membership applied.

IMPORTANT NOTE: Once AD authentication is enabled, you will not be able to log in to ESM with local user accounts.  The only local user account that will remain accessible will be NGCP.
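
A pre-flight check for steps 1 and 2, as an added example that is not part of the original article: it uses the ActiveDirectory PowerShell module to confirm the designated group exists, compares its stored name case-sensitively with the name typed into ESM, and lists who is in the group. The group name and user names are placeholders, and because the page does not say which AD name attribute ESM matches on, both `Name` and `SamAccountName` are checked.

```powershell
# Added example (not from the original article): pre-flight check for steps 1-2.
# Requires the ActiveDirectory module (RSAT). All names below are placeholders.
Import-Module ActiveDirectory

$AdGroupId    = 'SIEM-Analysts'       # placeholder: AD group designated in step 1
$EsmGroupName = 'SIEM-Analysts'       # placeholder: name exactly as typed into ESM in step 2
$Expected     = @('jdoe', 'asmith')   # placeholder sAMAccountNames that should get access

# AD lookups ignore case, so fetch the group and compare the stored names ourselves.
$group = Get-ADGroup -Identity $AdGroupId -ErrorAction Stop

# -ceq is PowerShell's case-sensitive equality operator.
# Assumption: the page does not say which AD attribute ESM matches, so check both.
foreach ($attr in 'Name', 'SamAccountName') {
    $stored = $group.$attr
    if ($stored -ceq $EsmGroupName) {
        Write-Output "OK  $attr '$stored' matches the ESM group name exactly"
    } elseif ($stored -ieq $EsmGroupName) {
        Write-Warning "$attr '$stored' differs from '$EsmGroupName' only by case"
    } else {
        Write-Warning "$attr '$stored' does not match '$EsmGroupName'"
    }
}

# Direct members only; nested groups are reported separately because the page
# does not say whether ESM honors nested membership.
$members = @(Get-ADGroupMember -Identity $group)
$nested  = @($members | Where-Object { $_.objectClass -eq 'group' })
$users   = @($members | Where-Object { $_.objectClass -eq 'user' } | Get-ADUser)

foreach ($g in $nested) {
    Write-Warning "Nested group '$($g.SamAccountName)': verify its users can log in to ESM"
}
foreach ($u in $users | Where-Object { -not $_.Enabled }) {
    Write-Warning "Disabled account in access group: $($u.SamAccountName)"
}
foreach ($name in $Expected | Where-Object { $_ -notin $users.SamAccountName }) {
    Write-Warning "Expected user '$name' is not a direct member of '$($group.Name)'"
}

# Review list: the user accounts in the group that controls SIEM access.
$users | Sort-Object SamAccountName | Select-Object SamAccountName, Enabled
```

Run it before step 4 and again whenever the AD group is renamed or repopulated, since membership of this group is what controls access to the SIEM.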



Very useful document! Step 2 "Exact same name" AND case. Case is very important!

Version history: Revision 1 of 1. Last update: 08-10-2014 09:01 PM
