Creating group accounts

You create group accounts by first displaying a list of AD groups and then selecting the ones from which you want to create HCP group accounts. After selecting the groups you want, you select the roles you want to associate with those group accounts.

You can create up to the maximum supported number of group accounts in a single operation (that is, 100).

In HCP, each AD group is identified by both the group name and the name of the AD domain in which the group is defined (for example, hcp-admin@ad.example.com). The HCP group account created from an AD group has the same name as the AD group, including the domain name. Internally, however, the HCP group account is associated with the security ID (SID) of the AD group.

You can create an HCP group account from any group defined in the AD forest that HCP uses for user authentication. The only exceptions are predefined groups such as Administrators that have the same SID in all domains.

You can use a single operation to both create new group accounts and change the roles associated with existing group accounts. In this case, all the accounts involved end up with the same roles.

To create group accounts:

1.On the Groups page in the System Management Console, click Add Active Directory Groups.

The Find and Select Groups section lists all the AD groups HCP knows about. Groups for which system-level HCP group accounts already exist are marked with a checkmark ( ).

2.Optionally, filter the list of AD groups:

a.In the Find and Select Groups field, type a text string to use as a filter for the list of AD groups. This string can be up to 64 characters long and can contain any valid UTF-8 characters, including white space. It is not case sensitive.

b.If Trusted Forests is enabled, in the From drop down menu, select the forest in which the group exists. This filters the groups down to only the groups that exist in the selected forest.

c.Click the find control ( ).

To redisplay the entire list of AD groups after filtering it, click the clear filter control ( ).

3.For each AD group from which you want to create an HCP group account, click the add control ( ) to select the group. The group row turns green.

Also, for each AD group with an existing HCP group account for which you want to change the associated roles, click the add control ( ) to select the group. The group row turns green.

To select all the groups in the list, click Select All.

To deselect a selected group, click the remove control ( ) for the group.

To deselect all the selected groups, click Clear.

4.In the Assign Roles to Selected Groups section, select the roles you want to associate with all the new group accounts you’re creating and all the existing group accounts for which you’re changing the associated roles. You can select any number of roles, including none.

5.Click Add Groups.

© 2015, 2020 Hitachi Vantara LLC. All rights reserved.