WUI Authentication using LDAP Groups
- Last Updated: July 4, 2025
The LoadMaster enables you to authenticate to the WUI using LDAP groups. This means you do not need to set up local users on your LoadMasters.
If you do not use group authentication, you would need to create a local user on each LoadMaster (or one LoadMaster in a High Availability (HA) pair). You would need to define a password for LoadMaster access and for Active Directory. Initially, both passwords could be the same. However, if a user changes their Active Directory password, the passwords become different and this can cause confusion, in addition to the user having to remember another password.
Using group authentication allows you to configure LDAP endpoint (for example, Active Directory) group names on the LoadMaster. The LoadMaster queries the endpoint to check if a user is a member of the LoadMaster group. The response from the endpoint is either authentication failure or success.
If the user changes their Active Directory password, their access to the LoadMaster is still granted (if they are a member of a defined group) because the LoadMaster queries Active Directory for authentication.
A LoadMaster user can use their Active Directory password to access any LoadMaster, and on that LoadMaster they acquire the permissions of the Active Directory group they are a member of.
When a user logs in, a check of the user groups on the Active Directory is performed if the following conditions are met:
- LDAP WUI Authentication is enabled, and
- A list of groups is defined, and
- The user logging in is not locally defined or the Local Users option is disabled
To configure WUI authentication using LDAP groups, first create an LDAP endpoint configuration, then create the remote user groups and select them in the WUI Authentication and Authorization screen. Refer to the sections below for further details.