On the General tab, you can grant a profile with permissions to other LogRhythm modules and configure Active Directory Group Authorization. Before making modifications to the Active Directory Group Authorization section, ensure you have the appropriate Active Directory permissions and security rights. For more information, see Active Directory Domain Manager.
- On the main toolbar, click Deployment Manager.
- On the Tools menu, click Administration, and then click User Profile Manager.
The User Profile Manager window appears and lists the existing User Profiles.
- Click an existing user profile to select it, and then click Properties.
- In the User Profile Name section, add or modify the profile name.
- On the Security Role menu, select a role for the profile.
In the Allow section, select the check box of each module to which the profile should be granted access.If you are creating a new profile, you must save the profile and reopen it before you can add Active Directory Domains and Groups. You need to select at least one Entity on the Entities tab before you can save and close the profile.
- To add an Active Directory domain and group to be synchronized with the user profile, right-click anywhere in the Active Directory Group Authorization grid, and then click New.
The AD Group Authorization Properties dialog box appears.
Select an AD domain from the Active Directory Domain menu, and type the group name in the Active Directory Group Name box.You can only select an existing AD domain, the group name must be a valid group in the domain, and the domain must be included in both AD sync and group based authorization. For more information, please refer to Active Directory Synchronization.
- To validate the selected domain and group name, click Validate.
If the validation succeeds, click OK to continue. If the validation fails, ensure that the group name is valid in the domain and that the domain is configured correctly.If you want to delete an Active Directory and group from the profile, select the row you want to delete, right-click anywhere in the Active Directory Group Authorization grid, and then click Delete. You need to confirm the deletion.
- If you want to assign an email address and phone number as business connections for users, select the Synchronize business and email address and phone number check box.
- Select a default Alarm Notification Policy from the Default Policy menu.
- (Optional) Add a brief description for the profile.
- Click Next to proceed to the Entities tab, or click OK to save the profile and close the User Profile Properties dialog box.