On initial install of the ADI module, only users who are a direct member of the 'Administrators' Active Directory group can access the ADI administration page. If you are not a direct member of this Active Directory group, the ADI config file will need to be amended with an Active Directory Group that you and any other users' who may need to access the ADI administration page are a direct member of.
Note: Nested Active Directory groups are not currently supported - users must be a direct member of the Active Directory group that is specified within the 'Web' config file.
When trying to access the ADI administration page, you encounter the following message:
Solution
To amend this, access the server which you have installed the ADI module on to and then browse to the installation directory of the ADI installation - this is typically:
C:\Inetpub\adconnector.clickview.com.au
Within the root of the installation directory there will be a 'Web' file. Please launch this in notepad (or another simple text editor). Within this file you will notice an 'EditGroups' section:
In order to adjust the configuration from 'Administrators' to an AD group that you and any other users who may need to access the ADI administration page are a direct member of within your Active Directory. In our case, we have amended this to 'Domain Admins'.
Note: There is no need to specify your domain at the start of the group i.e. domain\user - the Active Directory group on its own will be sufficient.
Save and close the 'Web' file.
Restart the browser you are using to access the ADI administration page, and then try accessing it again. You should now see the following page:
From here you can customise the SSO sign-in screen and the group mappings used for ADI access.