AD Authentication in Hosting Controller
Hosting Controller now allows Active Directory groups to access the various provisioning tiers of the control panel and perform related activities at their respective levels. Each level (Host, Reseller, Tenant Admin) is represented by an AD group and all members of a certain group can login to the panel at the appropriate level. The members of the Host’s group can login with their AD credentials as hosts. Similarly the members of the Reseller and Tenant Admin groups can login with their AD credentials as resellers and tenant admins.
Creating Access Groups and Users
The below steps outline the procedure for creating access groups and users in the AD for the purpose of accessing and using the control panel.
- Login to the panel as the Host.
- Perform AD Authentication Configurations at http://panel-url/Configurations/ControlPanelSettings.aspx
- Create an HCadmin group manually under the specified OU in the AD.
- Create users in the AD or use existing ones and make them members of the HCadmin group.
- Login to the panel with any of those users.
- Create Resellers from the panel. These Resellers would automatically be created as groups in AD.
- Add members to the Reseller’s group. All members of the Reseller’s group would be able to login at the Reseller level.
- Create Tenant Admins from the panel. These Tenant Admins would automatically be created as groups in AD.
- Add members to the Tenant Admin’s group. All members of the Tenant Admin’s group would be able to login at the Tenant Admin level.
Note: This setting is stored in HC Database Table tblControlPanelSettings, in case DC is down then you will not be able to login in the Panel and you will have to modify DC in HC database.
Benefits of Granting Group Access to the Panel
- The entire notion of granting group level access to the panel revolves around the ability to have multi-user access for the same level. Multiple users of the same AD group can login to the panel, with their respective credentials and perform desired tasks.
- Most organizations require their existing AD user base to login directly to an automation solution, using their AD credentials. Hosting Controller fulfills the desired objective by making AD authentication possible.
- Each individual user can be held accountable for his actions. User audit across user base can easily be made possible.