It's possible to configure an LDAP User's Client Organization by using LDAP Groups within Yellowfin. I'll detail this process here, using a similar environment to our main LDAP article.
This article presumes a working connection between Yellowfin and LDAP, configured and properly authenticating.
LDAP Groups Within Yellowfin
Once Yellowfin is authenticating against your LDAP environment, it's possible to query your directory and list existing Groups. These groups can be treated similar to User Groups within Yellowfin, in the sense that LDAP Groups can be added to Yellowfin User Groups. This allows another manner in which to manage user rights and access more dynamically.
In example, I'll create a User Group named 'LDAP Group' in Yellowfin. I can now assign this group Dashboard Tabs and add Members to this group. I've decided I want all of my LDAP Users to be in this group, as a base example. Rather than manually assigning each user after they log in, I'll assign their group to this User Group. To do so, under 'Member Selection' click 'Search', followed by 'LDAP'. You'll now see a list of your LDAP groups:
I'm going to choose the base folder I used in the previous tutorial, as I've stated I want ALL LDAP users in this group. The end result looks something like this:
In the current state, any user created that is part of the 'YFgroup' within LDAP will now be a part of this User Group. This is one example of using LDAP Groups within Yellowfin.
Assigning LDAP Users to Client Orgs Before Login
As I've stated in previous tutorials, an LDAP Users is not created in Yellowfin until their first login. There are cases where we may want to limit access to the Default Org and dictate a Client Organization to an LDAP User. We can do this using the LDAP Groups feature!
In this example, I have 'Client Org 1'. I want any LDAP User who belongs to the LDAP Group 'Client Org 1' to be created within this organization. Note, this user must not have logged in yet and must also belong to 'YFgroup' to be allowed to create this user account.
I have added my LDAPUser1 to the LDAP Group 'Client Org 1'. I want this user to be created at that organization's level and no others. Here is the user's membership:
Now, I'll hop over to edit my Client Organization. I want to 'Add' users to this Client Org. I'll now click 'LDAP' to list possible objects here. I want the 'Client Org 1' group:
This means any user that belongs to this LDAP Group will now be part of this Client Org. Save these changes.
Now it's time to log in as LDAPUser1 and test! Upon logging in, this user has no admin privileges so I can't view the Admin Console. I can, however, see that my Client Org is 'Client Org 1':
And in proving this concept, the Default Org does NOT contain this user:
If you have issues with this process, feel free to open a support ticket!