Thursday, 20 March 2014

Paessler: Active Directory Integration

By following the steps below, you are able to integrate your Paessler PRTG with your Microsoft Active Directory.

Step 1: Prepare Your Active Directory
  • In your Active Directory, please make sure that users you want to give access to PRTG are member of the same AD group.
  • You can also organize users in different groups, for example, one group whose members will have administrator rights within PRTG, and another one whose members will have read-only rights within PRTG.

Step 2: Prepare Your PRTG Server
  • Make sure that the computer running PRTG is member of the domain you want to integrate it to. You can check this setting in your machine's System Properties (for example, Control Panel | System and Security | System , click on Change settings link).

Step 3: Add Domain and Credentials (optional) to System Settings
  • In the PRTG web interface, switch to the System Administration—System and Website settings.
  • In the Active Directory Domain field, enter the name of your local domain. Note: You can only integrate one AD domain into PRTG.
  • Optional : PRTG will use the same Windows user account used to run the "PRTG Core Server Service". By default, this is the "local system" Windows user account. If this user does not have sufficient rights to query a list of all existing groups from the Active Directory, you should provide credentials of a user account with full AD access by using the Use explicit credentials option.
  • Save your settings.

Step 4: Add a New User Group

  • Switch to the User Groups tab (see System Administration—User Groups ).
  • Click on the Add User Group button to add a new PRTG user group.
  • In the dialog appearing, enter a meaningful name and set the Use Active Directory setting to Yes .
  • From the Active Directory Group drop down menu, select the group of your Active Directory whose members will have access to PRTG. If you have a very large Active Directory, you will see an input field instead of a drop down. In this case, you can enter the group name only; PRTG will add the prefix automatically.
  • With the New User Type setting, define the rights a user from the selected Active Directory group will have when logging in to PRTG for the first time. You can choose between Read/Write User or Read Only User (latter is useful to show data only to a large group of users).
  • Save your settings.

Done
That's it. All users in this Active Directory group can now log in to PRTG using their AD domain credentials. Their user accounts will use the PRTG security context of the PRTG user group you just created. 

Notes
  • Active Directory users can log in to the web interface using their Windows username and password (please do not enter any domain information in PRTG's Login Name field). When such a user logs in, PRTG will automatically create a corresponding local account on the PRTG core server. Credentials are synchronized with every login.
  • By default, there aren't any rights set for the new PRTG user group. Initially, users in this group will not see any objects in the PRTG device tree. Please edit your device tree object's settings and set access rights for your newly created user group in the Inherit Access Rights section. Note: The easiest way is to set these rights in the Root Group Settings .
  • PRTG does not support SSO (single sign-on).


Reference:
Active Directory Integration
http://www.paessler.com/manuals/prtg9/active_directory_integration

No comments:

Post a Comment