Active Directory Group Authentication
Introduced in Callisto version 1908 and onward, Callisto Active Directory Group Authentication enables the Callisto administrator to associate Callisto Roles with AD Security Groups. This ensures that a new user is automatically granted the relevant rights in Callisto without the need for manual user creation.
To use this feature, first enable LDAP Authentication using Administration - Settings - User Management, more details here.
Once this is configured, we can assign an existing role to an Active Directory Group, or create a new role for a group. N.B. There is currently no support for nested groups.
Assigning an existing Callisto role to an Active Directory Group
Navigate to Administration - Roles.
Click the Edit button for the "Configuration Manager User" role
1. Select to enable the Active Directory (AD) function
2. Type the name of the Active Directory Security Group
3. Save your changes
In a separate browser session, attempt to log in with a user who is a member of the group you added above, the user can log in with either their AD username (example LennonJ) or their UPN (example JohnLennon@Apajove.com). You will see that the user is authenticated with their AD credentials and has the correct views presented via their role assignments: