How to enable
Active Directory authentication
in PRTG in 4 steps
By default, PRTG uses its own internal account database to authenticate users. For many PRTG
customers, particularly those with smaller networks, this local authentication meets all their needs.
But for those working in more complex environments or those with a desire to reduce the number
of authentication mechanisms on their networks, PRTG includes the option to easily integrate
with Active Directory (AD).
In Active Directory, the users who require the same PRTG permissions must be in the same AD user group
- “PRTG_ADM” contains the two admin accounts that will have full administrator rights in PRTG
- “PRTG_RO” contains the four user accounts thatwill have read-only rights in PRTG
- In the PRTG web interface, select Setup | System Administration | Core & Probes from the main menu.
- In section Active Directory Integration, provide your local domain details.
- Enter the name of your local domain into the Domain Name field
- Under Access Type, select Use explicit credentials to define a user account that PRTG will use to authenticate against the Active Directory. This should be a user account with full access to all of your Active Directory groups.
- Under Access User, enter the Windows user account name that PRTG will use to authenticate for AD configuration.
- Under Access Password, enter the password of the Windows user account you entered above.
- Click Save to save your settings.
- In the PRTG web interface, select Setup | System Administration | User Groups from the main menu.
- Hover over the blue “+” button and select Add User Group.
- Provide a meaningful name for the new user group.
- Under Use Active Directory, select Yes.
- Under Administrative Rights, select Yes to give the group administrative rights in PRTG.
- Under Active Directory Group, select the AD group whose members will have access to PRTG. In the example above, the PRTG_ADM group has been chosen. For very large Active Directories, you will see an input field instead of a dropdown when you add or modify a user group. In this case, you can enter the group name only. PRTG will add the prefix automatically.
- Repeat these steps for the PRTG_RO AD security group to create a second group of usersthat can be granted read-only rights to PRTG functions.
- Now, members of the defined AD groups can log in to PRTG with the assigned level of rights.
- PRTG will create a new device group with the name [group_name] home in the device tree for each of the created AD user groups. This makes it easier to manage device tree rights for these groups.
- By default, no rights are set for the new PRTG user group. Initially, users in this group will not see any objects in the PRTG device tree. Edit your device tree object's settings and set access rights for your newly created user group in the Inherit Access Rights.
- The easiest way is to set access rights in the Root Group Settings.