Introduction

This document describes how to integrate Active Directory users and security groups with Snow License Manager to manage users and roles via Active Directory.

Prerequisites

  • Snow License Manager 9.7.1 or later

  • Microsoft Active Directory

  • Active Directory user accounts must exist inside of Active Directory security groups.

Recommendation

We recommend that users and roles be managed exclusively via either Active Directory integration or Snow Management and Configuration Center.

Both alternatives can be used, but our recommendation is to choose only one to minimize the risk of allowing users access to areas to which they should not have access.

Example 17.

If Active Directory groups are integrated with Snow License Manager, and roles are manually added in Snow Management and Configuration Center, then there is a potential risk that a user that has been removed from an Active Directory group will still have access to Snow License Manager.

In this example, a former employee could have access to Snow License Manager even if they have left their company and their Active Directory account has been removed. In this case, the Active Directory group role for that user in Snow Management and Configuration Center was removed, but the manually added user role was not removed.