cancel
Showing results for 
Search instead for 
Did you mean: 
mrl
Level 7
Report Inappropriate Content
Message 1 of 2

Using nested groups for Active Directory authentication?

Is it possible to login to ESM using a user in a nested Active Directory group?

For example:

  • Nitro Users (top level AD group - this is also a group within ESM)

          -> Level 2 Users (nested AD group within Nitro Users - NOT a group within ESM)

               johndoe (user in "Level 2 Users" nested AD group)

               janedoe

I've attempted the above approach and it doesn't seem to work. If I add "Nitro Users" as an AD group within ESM, johndoe cannot login. However, if I add johndoe directly to the Nitro Users top level group, he CAN login.

This probably sounds overly complex, but we are actually doing this for simplicity of management because in our environment we have a rather complex permissions structure and a lot of Active Directory groups to manage. I just want to know if ESM can support this functionality or if I have to put users directly in the top level group in order for AD auth to work.

Thanks in advance.

1 Reply
ddd671
Level 9
Report Inappropriate Content
Message 2 of 2

Re: Using nested groups for Active Directory authentication?

I don't know if this will work, but have you tried adding "Level 2 Users" AD group to the SIEM?