Adding LDAP Operators

You can create accounts for operators to access the console by using an existing Active Directory or LDAP account.

When you select this option, an operator with the same name as the one specified in the LDAP directory is added to the operators node in the Domain Panel on the BigFix console. These operators can then log in as usual, using one of the following notations:

username
username@domain
domain\username

The permissions assigned to that user in the LDAP directory are not inherited by the newly created operator. You must either assign the needed permissions to the operator or assign the operator to an existing role.

Note: Starting from version 9.2.6 for access to Web UI and Web Reports, and from version 9.5 for access to the Console, you can integrate BigFix with SAML V2.0 to provide BigFix LDAP operators with:

  • Two-factor authentication with Common Access Cards (CAC), Personal Identity Verification (PIV) cards, or other factors, if required by the Identity Provider.
  • Web-based Single Sign-On authentication method from the identity provider login URL.

For more information, see Enabling SAML V2.0 authentication for LDAP operators.

To add an LDAP operator, complete the following steps:

  1. Ensure that the needed Active Directory or LDAP directory is added to the BigFix environment.
  2. Click the Tools > Add LDAP Operator menu item, or right-click in the work area and then select Add LDAP Operator. The Add LDAP User dialog appears.
  3. You can query and filter the users defined on the specified LDAP server using the Search field and the two radio buttons.
  4. When you find the user to add as an LDAP operator, select it and click Add. The Console Operator panel opens.
  5. From the Details tab, assign operator permissions.

    You can decide to give the operator the ability to trigger restart and shutdown as a Post-Action or to include them in BigFix Action Scripts. Depending on the configuration that you set for a specific operator for shutdown and restart, the radio button in the Post Action tab of the Take Action panel might be disabled for that operator. This configuration has no effect on actions whose action script type is other than BigFix Action Script.

    You can also set permissions to access the BigFix Console and REST API.

  6. The Administered Computers tab lists the computers managed by this operator.
  7. From the Assigned Role tab, select the roles that you want to assign this operator to or unassign this operator from.
  8. From the Sites tab, assign the sites that you want this operator to have access to or unassign them.
  9. From the Computer Assignments tab, specify the properties that must be matched by the computers that the operator can manage.
  10. To save the changes, click Save Changes.

At any time, you can also convert a local operator to an LDAP operator. To do this, follow these steps:

  1. From any list of local operators, right-click the operator you want to convert.
  2. From the context menu, select Convert to LDAP Operator.