Authentication Mode: This option controls whether the SMS server allows only users defined in the SMS to log in or to allow AD users with or without an SMS account to log in. If you choose to allow access for non-local users, you must also specify how the New Resource Group will be determined for those users. By default users are allowed to choose a New Resource Group.
Authorization Mode: This option controls whether the SMS server should query the AD for the user's group membership and attempt to map them to the local SMS groups.
New Resource Group Mapping Mechanism: This option controls how the users logging in using AD should have their New Resource Groups selected. The options include:
- Allow the user to choose: The user will be prompted to choose a group among their groups to be their new resource group.
- Use Active Directory Primary Group: The user will be granted their Active Directory Primary Group as their New Resource Group.
- Use Active Directory Attribute: The user will be granted the New Resource Group nominated as a value within a specified attribute.
New Resource Group Attribute: This attribute will be available if the above option is set to Use Active Directory Attribute. The options include:
- Telephones [Notes]
- GGroup Priority (an advanced attribute)
Mapping Failure: This option tells the SMS server what to do when group membership reported in Active Directory cannot be mapped. The options include:
- Reject Authentication: The login will be rejected.
- Accept Authentication with local groups: The login will be granted to the groups recorded in the SMS's database. This option is not available if you are allowing non local users to login.
- Accept Authentication with specified group: The login will be granted and the user will be granted this specified group.
How To: Configure Active Directory Global Group Mappings
- Login to the SMS from the client.
- Navigate to Admin->Authentication and Authorization->Authentication->Authentication Configuration->Active Directory tab.
- Within the Active Directory Global Group Mapping area, click Edit.
- IIn the dialog box that opens, select the appropriate mapping options that the SMS will utilize:
- Authentication Mode
- Authorization Mode
- New Resource Group Mapping Mechanism
- New Resource Group Mapping Attribute
- Mapping Failure Action
- Click OK when completed
Reference: SMS User Guide