It seems like your browser didn't download the required fonts. Please revise your security settings and try again.

How to Set Up Active Directory Groups for End-User Authentication

  • Last updated on

This article applies to Barracuda Cloud Control and the Barracuda Cloud Archiving Service.

You can add groups from your organization's AD servers to Barracuda Cloud Control and automatically assign Barracuda Cloud Archiving Service entitlements to AD groups.

Barracuda Networks does not support using default AD groups, such as Domain Users, when applying entitlements for user access. Due to limitations within AD, these groups may not contain all users or any users at all. Microsoft does not include the Domain Users group in the user attribute memberOf, which Barracuda Cloud Control uses to determine group association. For additional information, refer to the Windows Server forum discussion Can't get all member objects from Domain Users in LDAP.

Before adding users to Barracuda Cloud Control via your organization's AD servers, verify that users are enabled, are members of the domain, and that the mail attribute is set for each user.

Barracuda highly recommends creating an additional administrator account using an independent domain that does not use AD authentication. This allows access to your Barracuda Cloud Control account if your AD server goes down or fails.

Note that entitlements differ based on the selected product. For example, giving an LDAP group Email Gateway Defense entitlements via the Home > Admin > Groups page, gives all users Admin access. For details, see Understanding Entitlement Roles and Permissions.

Before Getting Started

Complete the steps in the article Configure Active Directory to add your Barracuda Cloud Archiving Service groups to Barracuda Cloud Control.

Automatically Assign Entitlements

  1. Log into Barracuda Cloud Control as the account administrator, and go to Home > Admin > Groups.
  2. Navigate to the AD group name you want to work with, and click Edit; the Edit Group page displays.
  3. Select the product entitlements to assign to the group, for example, Archiver, and click Save.

All users in the selected group are automatically granted the default role for the selected product. For example, the default Barracuda Cloud Archiving Service role is User. In this role, users can view messages accessible to the account, either because the username for the account is also that of the sender or recipient of a message, or because the user has been given explicit access to view an email address via Alias Linking.

For more information, see Understanding Entitlement Permissions and Roles.

Modify Permissions

Log into the Barracuda Cloud Archiving Service, or the product you selected above, and go to Home > Admin > Users to modify user product entitlement permissions.