
Local Directory Groups Management

The software features a built-in Local User Directory for managing users, groups, and group memberships to define permissions and roles for objects.

In addition to the default "local" user directory, the software supports the creation of additional local user directories. This functionality enables the delegation of security management to regional or departmental divisions.

Create new Local Groups

Local groups organize user memberships so that permissions and roles are easier to apply. To create a new local group:

  1. Log in with an Administrator or Directory Manager account.
  2. Navigate to Management > Groups and click the Add button.
  3. Populate the fields for the new local group as required:
    1. Name: Enter a unique, but recognizable name for this group.
    2. Description: Optionally, enter a short description of this group.
  4. Click the Add Members button to begin adding users to this group's membership. Membership can include user accounts from the local directory or any other configured external user directory in this tenant.
  5. Click the Save button to complete the group creation operation.

Manage Local Groups and Members

Administrator or Directory Manager accounts can also manage existing local groups. To manage a local group:

  1. Log in with an Administrator or Directory Manager account.
  2. Navigate to Management > Groups, locate the group to manage and use the Actions menu on the right side:
    1. Edit: Use the Edit option to update this local group, including its Name and Description, and to add or remove members.
    2. Delete: Use the Delete option to delete this local group. This is a permanent operation that cannot be undone.
  3. After your edit is complete, click the Save button to save the update.

Local Directory Group Usage

The Local User Directory is utilized across various components of the system.

  • Authentication - When the Login button is pressed on the software's authentication screen, the software tries to authenticate the user with the provided account and password against each enabled Local User Directory marked with the "Direct Login" flag. The directories are tried sequentially, in alphabetical order.
    Users can specify a particular Local User Directory for authentication by entering its name before the account name in the user field, separated by a backslash. For instance, "dir-name\account", or "local\account" for accounts in the default embedded local user directory.

  • Authorization - The software utilizes account and group membership data obtained from the configured Local User Directory to verify permissions set for objects and roles. Groups in the Local User Directory may encompass users and group members sourced from other directories such as LDAP Servers, Entra ID tenants, and additional local user directories.

  • Permissions - System owners can search for user accounts and groups in the configured Local User Directory to use in object and role permissions.

  • Metadata - The software might use account metadata obtained from the configured Local User Directory to improve the visual presentation for different system functionalities. Examples of LDAP metadata include an account's Thumbnail or Display Name.
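
The login resolution described under Authentication, modelled as an added example (not the product's own code): it lists which directories an entered user name is checked against and flags account names that exist in more than one Direct Login directory, where the "dir-name\account" form removes the ambiguity. The Directory class, the sample data, case-insensitive name matching, and not requiring the Direct Login flag for a qualified login are assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class Directory:              # hypothetical model, not the product's schema
    name: str
    enabled: bool = True
    direct_login: bool = False
    accounts: set = field(default_factory=set)

def parse_login(user_field):
    """Split 'dir-name\\account'; directory is None when no backslash is given."""
    if "\\" in user_field:
        directory, account = user_field.split("\\", 1)
        return directory, account
    return None, user_field

def directories_to_try(user_field, directories):
    """Return (ordered directory names the login is checked against, account)."""
    directory, account = parse_login(user_field)
    enabled = [d for d in directories if d.enabled]
    if directory is not None:
        # Qualified login: only the named directory. Assumptions: names compare
        # case-insensitively and the Direct Login flag is not required here.
        return [d.name for d in enabled if d.name.lower() == directory.lower()], account
    # Unqualified login: every enabled Direct Login directory, alphabetically.
    names = [d.name for d in enabled if d.direct_login]
    return sorted(names, key=str.lower), account

def ambiguous_accounts(directories):
    """Account names present in more than one enabled Direct Login directory."""
    seen = {}
    for d in directories:
        if d.enabled and d.direct_login:
            for account in d.accounts:
                seen.setdefault(account.lower(), []).append(d.name)
    return {a: sorted(n, key=str.lower) for a, n in seen.items() if len(n) > 1}

# Constructed sample data
DIRS = [
    Directory("local", direct_login=True, accounts={"admin", "jsmith"}),
    Directory("emea", direct_login=True, accounts={"jsmith", "mdupont"}),
    Directory("apac", direct_login=False, accounts={"jsmith"}),
    Directory("legacy", enabled=False, direct_login=True, accounts={"admin"}),
]

if __name__ == "__main__":
    for login in ("jsmith", "local\\jsmith", "legacy\\admin"):
        print(login, "->", directories_to_try(login, DIRS))
    print("ambiguous:", ambiguous_accounts(DIRS))
```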

Note

Allowing users and groups from other directories to be members of local user directory groups makes it possible to define system object permissions and roles using the generic terms of local groups. This architecture separates the maintenance of local groups from the security architecture.