The answer is more 'sort of'. So Marek is entirely correct; however, users which are created in this way are NOT assigned to any locations or organizations, so there is manual (or scripted) post work required to be done.
I raised [1] in 2015, it's private but the comments are:

Currently, when you create a user you have to assign that user to a location in order for that user to be able to view / manage entities within that location. However this is not ideal for two key reasons:

1) Users which belong to the same group and role still require manual tasks to be performed to ensure they can behave in a consistent manner.
2) Users created via LDAP / AD where the 'Automatically create accounts in Foreman' option is checked are not added to ANY location. This means that manual steps have to be taken to add the users to locations and organizations.

This RFE therefore is to allow location / organization details to be assigned per user group as the user groups section maps users to AD (or internal) groups and maps the groups to roles. This should be enhanced to add Organizations and Locations such that users created who belong to this group will be assigned locations and organizations commensurate to these groups.

[1] https://bugzilla.redhat.com/show_bug.cgi?id=1293835

On Friday, October 27, 2017 at 4:17:07 PM UTC-4, Marek Hulán wrote:
> On Friday, October 6, 2017 22:27:46 CEST Charlie Baum wrote:
> > Pretty new to Foreman and standing up our first POC of the product.
> >
> > Can someone verify/shoot down a question I have? Does Foreman not support
> > AD group authentication? In other words, can you authenticate to the
> > Foreman UI without being set up as a local Foreman user first? I am playing
> > around with AD stuff in there and got my AD account set up for access just
> > fine. I created a user group linked to an external AD account but unless I
> > set up the user locally in Foreman, a member of that AD group could not
> > log in to Foreman. Is this by design or am I overlooking something? Thanks
> > folks!
> >
> > CB
>
> Hello, yes, this is entirely possible. Just set up LDAP auth source. Double
> check you have "Automatically create accounts in Foreman" checkbox enabled for
> this auth source (it's under Account tab)
>
> Hope this helps
>
> --
> Marek