(Optional) Map User Roles to External Groups

In NetWitness, external groups derive permissions for various modules and views from NetWitness user roles, which have permissions assigned to them. To provide access to an external group, map user roles to it. To modify an external group's access, edit the roles mapped to it. Add and delete roles until the external group has the necessary access. Changes take effect immediately.

In NetWitness Platform 12.4 or later, If you want to complete user authentication without depending on Active Directory configuration in NetWitness, you must go to AdminIcon.png (Admin) > Security > Single Sign-On Settings tab and select Enable the SAML Token Based SSO Authorization before you proceed to map user roles to external groups.

In the AdminIcon.png (Admin) > Security > Settings tab, you must set up a method (Active Directory or SSO or PAM) for external user authentication to make external groups visible to NetWitness.

Add Role Mapping for an External Group

To add role mapping for an external group:

  1. Go to AdminIcon.png (Admin) > Security.
    The Security view is displayed with the Users tab open.
  2. Click the External Group Mapping tab.
  3. In the toolbar, select the external authentication method (Active Directory, PAM, or SSO) and then click icon_add.png.
    The Add Role Mapping dialog for the external authentication method you selected is displayed.
    If you are configuring SAML Token Based SSO Authorization, the Search for External Groups field will not be available, instead, you are required to enter SAML Group Name and proceed to map roles.The SAML Group Name should be the same as the group name in ADFS and match the format and attribute value that is being sent in the SAML token from ADFS.
    AddRoleMap_AD.png AddRoleMap_PAM.png 124_Saml_Token_UserGroup.png
  4. Click Search and search for an external group name in the Search for External Groups, then select an external group name.
  5. To add roles to the group mapping, click icon_add.png in the Mapped Roles section.
    The Add Role dialog is displayed.
    AddRoleSelect.png
  6. Select the checkbox in the title bar to select all roles, or select roles individually.
  7. Click Add to add the roles to the Mapped Roles section in the Add Role Mapping dialog.
  8. If you want to delete roles from the Mapped Roles section, select the roles and click ic-delete.png.
  9. When the Add Role Mapping dialog reflects the role mapping that you want to define for the group, click Save.
    The Add Role Mapping dialog closes, and the new role mapping is listed in the External Group Mapping tab list.

Edit Role Mapping for a Group

To edit role mapping in a group:

  1. In the External Group Mapping action bar select the external authentication method (Active Directory, PAM, or SSO) > External Group and click edit.png (Edit) in the action bar.
    The Edit Role Mapping dialog is displayed with the group name in the External Group Name field.
  2. To add roles to the mapping, click icon-add.png in the Mapped Roles section.
    The Add Role dialog is displayed.
  3. Select the checkbox in the title bar to select all roles, or select roles individually.
  4. Click Add to add the selected roles to the Mapped Roles section in the Add Role Mapping dialog.
    The dialog closes, and the selected roles are displayed in the Mapped Roles section.
  5. If you want to delete roles from the Mapped Roles section, select the roles and click ic-delete.png.
  6. When the Edit Role Mapping dialog reflects the role mapping that you want to define for the group, click Save.
    The dialog closes, and the edited role mapping is listed in the External Group Mapping tab.