Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

What is Active Directory Global Group Mapping?

    • Updated:
    • 28 Aug 2017
    • Product/Version:
    • TippingPoint SMS All
    • TippingPoint Virtual SMS
    • Platform:
Active Directory Global Group Mapping is a configuration setting option for SMS that specifies how the SMS will behave when utilizing Active Directory (AD) information.

Authentication Mode: This option controls whether the SMS server allows only users defined in the SMS to log in or to allow AD users with or without an SMS account to log in. If you choose to allow access for non-local users, you must also specify how the New Resource Group will be determined for those users. By default users are allowed to choose a New Resource Group.

Authorization Mode: This option controls whether the SMS server should query the AD for the user's group membership and attempt to map them to the local SMS groups.

New Resource Group Mapping Mechanism: This option controls how the users logging in using AD should have their New Resource Groups selected. The options include:

  1. Allow the user to choose: The user will be prompted to choose a group among their groups to be their new resource group.
  2. Use Active Directory Primary Group: The user will be granted their Active Directory Primary Group as their New Resource Group.
  3. Use Active Directory Attribute: The user will be granted the New Resource Group nominated as a value within a specified attribute.

New Resource Group Attribute: This attribute will be available if the above option is set to Use Active Directory Attribute. The options include:

  1. Telephones [Notes]
  2. GGroup Priority (an advanced attribute)

Mapping Failure: This option tells the SMS server what to do when group membership reported in Active Directory cannot be mapped. The options include:

  1. Reject Authentication: The login will be rejected.
  2. Accept Authentication with local groups: The login will be granted to the groups recorded in the SMS's database. This option is not available if you are allowing non local users to login.
  3. Accept Authentication with specified group: The login will be granted and the user will be granted this specified group.

How To: Configure Active Directory Global Group Mappings

  1. Login to the SMS from the client.
  2. Navigate to Admin->Authentication and Authorization->Authentication->Authentication Configuration->Active Directory tab.
  3. Within the Active Directory Global Group Mapping area, click Edit.
  4. IIn the dialog box that opens, select the appropriate mapping options that the SMS will utilize:
    • Authentication Mode
    • Authorization Mode
    • New Resource Group Mapping Mechanism
    • New Resource Group Mapping Attribute
    • Mapping Failure Action
  5. Click OK when completed


Reference: SMS User Guide

Configure; Troubleshoot; Deploy
Solution Id:
Did this article help you?

Thank you for your feedback!

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.