Forum Discussion

Rab_Sherwood's avatar
2 years ago

Is there a link between Active Directory security groups and Security groups in LogicMonitor?

Are we able to sync Security groups in LogicMonitor with security groups in Active Directory? This is our preferred way of managing group access in third party solutions if at all possible.
Ideally, I would like to add a user to an AD security group, and then LogicMonitor would sync that group and add them into the relevant LogicMonitor security group. This would massively improve the manageability of LogicMonitor for us, and improve security.
If this is not possible natively, is there API level access to LogicMonitor and could we for example have a script that scrapes certain group memberships and then pipes that data into LogicMonitor?

  • It will only be effective for first time login/account creation via SSO. 

    This hasn’t been our experience. We add people to new LM groups in AD all the time and LM auto adds them to the new roles.

    The one thing it doesn’t do tho is remove them from roles. So I have admins with the Read Only group still as well.

  • You can pass security roles to LM in the SSO payload as long as there is a 1 to 1 match to LM roles that already exist. It will only be effective for first time login/account creation via SSO. See the last section on the page Stuart linked for details on how we expect to recive those roles from the SSO IDP.

  • I’m actually posting this question on behalf of the engineering team, who I believe have looked at the SSO page you’ve shared.