(Optional) Map User Roles to External Groups
In NetWitness, external groups derive permissions for various modules and views from NetWitness user roles, which have permissions assigned to them. To provide access to an external group, map user roles to it. To modify an external group's access, edit the roles mapped to it. Add and delete roles until the external group has the necessary access. Changes take effect immediately.
In NetWitness Platform 12.4 or later, If you want to complete user authentication without depending on Active Directory configuration in NetWitness, you must go to (Admin) > Security > Single Sign-On Settings tab and select Enable the SAML Token Based SSO Authorization before you proceed to map user roles to external groups.
In the (Admin) > Security > Settings tab, you must set up a method (Active Directory or SSO or PAM) for external user authentication to make external groups visible to NetWitness.
Add Role Mapping for an External Group
To add role mapping for an external group:
- Go to (Admin) > Security.
The Security view is displayed with the Users tab open. - Click the External Group Mapping tab.
- In the toolbar, select the external authentication method (Active Directory, PAM, or SSO) and then click .
The Add Role Mapping dialog for the external authentication method you selected is displayed.
If you are configuring SAML Token Based SSO Authorization, the Search for External Groups field will not be available, instead, you are required to enter SAML Group Name and proceed to map roles.The SAML Group Name should be the same as the group name in ADFS and match the format and attribute value that is being sent in the SAML token from ADFS.
- Click Search and search for an external group name in the Search for External Groups, then select an external group name.
- To add roles to the group mapping, click in the Mapped Roles section.
The Add Role dialog is displayed. - Select the checkbox in the title bar to select all roles, or select roles individually.
- Click Add to add the roles to the Mapped Roles section in the Add Role Mapping dialog.
- If you want to delete roles from the Mapped Roles section, select the roles and click .
- When the Add Role Mapping dialog reflects the role mapping that you want to define for the group, click Save.
The Add Role Mapping dialog closes, and the new role mapping is listed in the External Group Mapping tab list.
Edit Role Mapping for a Group
To edit role mapping in a group:
- In the External Group Mapping action bar select the external authentication method (Active Directory, PAM, or SSO) > External Group and click (Edit) in the action bar.
The Edit Role Mapping dialog is displayed with the group name in the External Group Name field. - To add roles to the mapping, click in the Mapped Roles section.
The Add Role dialog is displayed. - Select the checkbox in the title bar to select all roles, or select roles individually.
- Click Add to add the selected roles to the Mapped Roles section in the Add Role Mapping dialog.
The dialog closes, and the selected roles are displayed in the Mapped Roles section. - If you want to delete roles from the Mapped Roles section, select the roles and click .
- When the Edit Role Mapping dialog reflects the role mapping that you want to define for the group, click Save.
The dialog closes, and the edited role mapping is listed in the External Group Mapping tab.