Active Directory: Users Automatically Added to ManageIQ Group?


We have configured our ManageIQ instance to authenticate against Active Directory per the documentation.

I also believe I understand how ManageIQ Groups map to Active Directory groups.

My question is, should the ManageIQ users be automatically added to ManageIQ groups based upon this ManageIQ Group : Active Directory Group mapping?

In other words, if ADGroupA is mapped to ManageIQGroup1, and I have an AD user in ADGroupA, when this user logs in, will he/she automatically be in ManageIQGroup1?

If so, when does this happen? Upon first login? When the ManageIQ group is mapped/created? On a scheduled basis?

If not, am I correct in assuming the user will still need to be manually added to the ManageIQ group? Will ManageIQ NOT allow me to add the user if the corresponding AD User is not in the AD Group mapped to this ManageIQ group?

Any details on how this is supposed to work would be greatly appreciated.


Manageiq get usergroup when the user connect on manageiq portal. If a group match a manageiq group, user is automatically bin to this manageiq group.


That’s what I thought. And yet, it does not seem to be adding my user to all groups I should be matched with. Any known issues around this behavior I should be aware of? What if there are more than one ManageIQ groups mapped to the same AD group? Should I be added to all of them?