Active Directory Integration: Managing Permissions

The permissions assigned to each MIDAS user who authenticates against your Active Directory are derived from the name of Primary Group the user is a member of within your Active Directory, and the permissions associated with the corresponding User Group in your MIDAS software with the same name.

If an AD user has no "Primary Group" set, and your MIDAS system isn't configured to block such users, the software will instead default to allocating the user a very basic/restrictive set of "view only" permissions instead.

To set a user's Primary Group in your Active Directory:

In the above example, the user's Primary Group in the Active Directory is "Staff".

This user's MIDAS permissions will subsequently be derived from the permissions you've specified for a User Group within MIDAS with the same name (i.e. "Staff") (You can set up user groups in your MIDAS system via MIDAS Admin Options → Manage Users & Permissions → Groups)

If the "Update User Permissions upon each login" option is enabled (MIDAS Admin Options → Manage Users & Permissions → Single Sign On (SSO)) then each time the user opens MIDAS, their MIDAS user permissions will be updated to reflect the current permissions associated with their User Group.

If the "Update User Permissions upon each login" option is not selected, their MIDAS permissions will be set based upon the group permissions at the time of their first access of MIDAS via Active Directory authentication. Once set, these permissions will not then be automatically updated again (i.e. subsequent changes to the user group's permissions within MIDAS will not be applied to existing users who have previously authenticated with MIDAS via Active Directory integration).

Leaving this option unselected can be useful if you wish to "tweak" specific individual user's permissions.

---

Next Up...

---