If you want to use Microsoft Active Directory (AD) to authenticate users who log into ATP Manager, you need to add AD groups to Symantec Advanced Threat Protection (ATP). Users from these groups use their AD credentials to log into ATP Manager.
The groups that you add must belong to the AD domain, and be comprised of users that you authorize to act in the roles that are listed below. The group's role authorizes which pages its users can access and which functions its users can perform. See ATP user roles.
Administrators can access all pages and perform all functions in ATP Manager.
Controller (or "incident responder")
Controllers (or "incident responders") can access all pages in ATP Manager, except the Settings page.
Users can access all pages in ATP Manager, except the Settings page. Users can view events and incidents, but cannot perform actions against them (such as isolating machines or deleting files on endpoints).
You can add more than one group per role. For example, you may have multiple AD groups for Controllers based on their location.
If a user belongs to multiple groups that have different roles, the group with the highest role takes precedence. For example, if a user belongs to both the Controller and User groups, the user is granted the permissions of the Controller group.
To add an Active Directory group
In ATP Manager, click Settings > Users > Active Directory.
Click + Add Group.
On the Group page, enter the Group Name and then click Check Name.
A list appears if there is more than one group containing all or part of the name that you specified.
From the list, select the group that you want to add.
From the ATP Role drop-down list, select the role that applies to this group.
(Optional) Check Receive email notifications when incidents occur if you want users in this group to receive an email notification when ATP creates an incident.
Enter the Email address(es) of the users that you want to receive the email notification.
This email address can be a distributed list, or multiple email addresses separated by commas. ATP does not use the email addresses that are associated with your AD users.