Question

Is there a link between Active Directory security groups and Security groups in LogicMonitor?

  • 3 March 2023
  • 4 replies
  • 80 views

Badge

Are we able to sync Security groups in LogicMonitor with security groups in Active Directory? This is our preferred way of managing group access in third party solutions if at all possible.
Ideally, I would like to add a user to an AD security group, and then LogicMonitor would sync that group and add them into the relevant LogicMonitor security group. This would massively improve the manageability of LogicMonitor for us, and improve security.
If this is not possible natively, is there API level access to LogicMonitor and could we for example have a script that scrapes certain group memberships and then pipes that data into LogicMonitor?


4 replies

Userlevel 7
Badge +20

Just checking, have you looked at this?

Badge

I’m actually posting this question on behalf of the engineering team, who I believe have looked at the SSO page you’ve shared. 

Badge +1

You can pass security roles to LM in the SSO payload as long as there is a 1 to 1 match to LM roles that already exist. It will only be effective for first time login/account creation via SSO. See the last section on the page Stuart linked for details on how we expect to recive those roles from the SSO IDP.

Userlevel 6
Badge +13

It will only be effective for first time login/account creation via SSO. 

This hasn’t been our experience. We add people to new LM groups in AD all the time and LM auto adds them to the new roles.

The one thing it doesn’t do tho is remove them from roles. So I have admins with the Read Only group still as well.

Reply