Add and Map a Local User Group to an External Domain User Group

Use this task to allow the external domain user belonging to the external domain user group to inherit the group-based authorization privileges of the local user group.

The external domain user is authenticated by a domain server, such as a RADIUS server or Active Directory domain controller. You must map the external domain user group to the local (internal) user group that was created for this purpose.

See the Find an External Domain User Group section for more information about finding the external domain user group name that you need for this task.

  1. Under the User Management folder, select the Groups leaf node.
  2. In the User Groups pane, click Add.
  3. In the Add Group dialog box, complete the following fields:
    Name: Group name field
    Description: The local user group name that you want to use for authorization privileges. For example, LocalUGforDomainUG. Use the following guidelines for naming this group:
    • Use a minimum of three characters and maximum of 50.
    • The name must start with an alphabetical character.
    • You are allowed to use alphanumeric characters, hyphens, and underscores.
    • The user group name is case insensitive.
    • The user group must be unique.

    Name: External group name field
    Description: For Active Directory (LDAP), the external domain user group name. For example, Domain UG.

    For RADIUS, the external group name should map to attribute 11 (Filter-ID), which is in the RADIUS reply.

    Note: You must have at least one external domain user group entry configured on the domain server in order for this field to be displayed in the dialog box.

    Name: Group permissions copy from drop-down list
    Description: Choose from the following default user groups to copy their privileges:
    • None—Manually configure privileges for this user group.
    • administrators—This super user group is privileged to perform all operations.
    • LIAdministrators—This user group is privileged to perform most operations including Lawful Intercept (LI) configuration changes. These privileges do not include changing the default administrator user credentials. For example, users assigned to the default LI administration group cannot enable or disable accounts, change passwords, or expiration dates for other users in the default LI administration and administration groups.
    • provisioners—This group is privileged to configure Oracle Communications Session Delivery Manager and save and apply the configuration with the exception of a LI configuration.
    • monitors—This group is privileged to view configuration data and other types of data only. This group cannot configure Oracle Communications Session Delivery Manager, and has the fewest privileges.
  4. Click OK.
  5. In the success dialog box, click OK.
  6. Log out and log back into the system with the external RADIUS user to test your external connection to Oracle Communications Session Delivery Manager.
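
When the test login in step 6 does not receive the expected privileges, it helps to confirm which Filter-Id value the RADIUS reply actually carries. The following is an added example, not Oracle code: it parses a constructed Access-Accept, extracts attribute 11, and resolves it against a hypothetical mapping table. Exact-match lookup and all function names are assumptions of this sketch.

```python
import re
import struct

ACCESS_ACCEPT = 2   # RADIUS packet code (RFC 2865)
FILTER_ID = 11      # attribute 11, Filter-Id
# Group name rules from step 3: 3-50 chars, starts with a letter,
# then alphanumerics, hyphens or underscores.
LOCAL_NAME = re.compile(r"[A-Za-z][A-Za-z0-9_-]{2,49}")

def filter_ids(packet):
    """Return every Filter-Id string in an Access-Accept.
    The Response Authenticator is NOT verified here."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_ACCEPT or not 20 <= length <= len(packet):
        raise ValueError("not a well-formed Access-Accept")
    found, pos = [], 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("bad attribute length")
        if atype == FILTER_ID:
            found.append(packet[pos + 2:pos + alen].decode("utf-8"))
        pos += alen
    return found

def resolve_local_group(packet, mapping):
    """mapping: external group name -> local group name (hypothetical table,
    exact-match lookup is an assumption). No match means no group."""
    for external in filter_ids(packet):
        local = mapping.get(external)
        if local and LOCAL_NAME.fullmatch(local):
            return local
    return None

def attr(atype, value):
    return bytes([atype, len(value) + 2]) + value

def build_sample(group):
    """Constructed Access-Accept: Reply-Message (18) plus Filter-Id."""
    attrs = attr(18, b"ok") + attr(FILTER_ID, group.encode())
    header = struct.pack("!BBH", ACCESS_ACCEPT, 1, 20 + len(attrs))
    return header + bytes(16) + attrs  # zeroed authenticator, sample only

if __name__ == "__main__":
    table = {"Domain UG": "LocalUGforDomainUG"}
    print(resolve_local_group(build_sample("Domain UG"), table))
```

A reply with no Filter-Id, or one whose value has no entry in the table, resolves to no group, so an unmapped external user inherits no privileges.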