Adding Identity Provider Operators
You can create accounts for operators to access the console by using an existing Active Directory or LDAP account or Microsoft Entra ID.
username
username@domain
domain\username
- Two-factor authentication with Common Access Cards (CAC), Personal Identity Verification (PIV) cards, or other factors, if required by the Identity Provider.
- Web-based Single Sign-On authentication method from the identity provider login URL.
To add an Identity Provider user, complete the following steps:
- Ensure that the needed Active Directory or LDAP directory or Microsoft Entra directory is added to the BigFix environment.
- Click the Tools > Add Identity Provider Operator menu item, or right-click in the work area and then select Add Identity Provider Operator.
The following dialog appears.
- You can query and filter the users defined on the specified Identity Provider server using the Search field and the two radio buttons.
Note: If you have configured at least one Microsoft Identity Provider in your environment and have a significant number of users in your Tenant, it is highly recommended to use the "Starts With" option, as it can be significantly faster than the "Contains" option.
A new client property, named _Enterprise Server_MSEntraID_PageSize, has been introduced to let BigFix users configure the Microsoft Entra page size for REST API responses. This property must be set on the machine where the BigFix Server is running. By default, it is set to 0, indicating that no paging option is applied, and the Microsoft Entra default value of 100 items is returned for each request. Increasing the page size can enhance performance when dealing with a large number of Microsoft Entra users.
Name: _Enterprise Server_MSEntraID_PageSize
Default Value: 0
Setting Type: int
Value Range: 0 - 999
Component Restart Required: No
- When you find the user to add as Identity Provider operator, select it and click Add. The Console Operator panel opens.
- From the Details tab assign operator permissions.
You can decide to give the operator the ability to trigger restart and shutdown as Post-Action or to include them in BigFix Action Scripts. Depending on the configuration that you set for a specific operator for shutdown and restart, the radio button in the Post Action tab of the Take Action panel might be disabled for that operator. This configuration has no effect on actions with action script type other than BigFix Action Script.
You can also set permissions to access the BigFix Console and REST API.
- The Administered Computers tab lists the computers managed by this operator.
- From the Assigned Role tab, select the roles that you want to assign to or unassign from this operator.
- From the Sites tab, assign the sites that you want this operator to have access to or unassign them.
- From the Computer Assignments tab, specify the properties that must be matched by the computers that the operator can manage.
- To save the changes, click Save Changes.
- From any list of local operators, right-click the operator you want to convert.
- From the context menu, select Convert to Identity Provider Operator.
- Locate the Identity Provider user you want to convert the operator to.
- Select the user name and click Convert.
Permissions Inheritance: The converted operator inherits all permissions assigned to the chosen Identity Provider user. However, there is an exception: permissions granted to the old operator based on their group membership are not inherited.
Example
This is an example of converting a user displayed in the screen captures above.
A user named "user1" belongs to a group "TestGroup" associated with the "TestRole" role granting permission "permission1".
To ensure that "BigFix User 1" (converted from "user1") has "permission1", "BigFix User 1" must belong to a new group "newTestGroup" associated with "TestRole."
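The group-membership exception above can be reviewed before a conversion is performed. The following is an added example, not BigFix code or a BigFix API: the function name, the dictionaries and the sample data are hypothetical, constructed from the names in the example, and the real group-to-role mappings would have to be taken from your own environment.

```python
# Added illustration: hypothetical data model, not a BigFix API.
# Reports permissions a local operator holds only through group -> role
# mappings that the target Identity Provider user's groups do not restore.

def conversion_gaps(old_groups, new_groups, group_roles, role_perms):
    """Return sorted (permission, role, old_group) tuples that would be
    missing after conversion unless a group mapping is added."""
    # Roles the target Identity Provider user reaches through its own groups.
    restored = {r for g in new_groups for r in group_roles.get(g, ())}
    gaps = []
    for group in sorted(old_groups):
        for role in sorted(group_roles.get(group, ())):
            if role in restored:
                continue  # a group of the new user maps to the same role
            for perm in sorted(role_perms.get(role, ())):
                gaps.append((perm, role, group))
    return gaps

# Constructed sample data using the names from the example above.
GROUP_ROLES = {
    "TestGroup": {"TestRole"},
    "newTestGroup": {"TestRole"},
    "otherGroup": {"OtherRole"},   # hypothetical unrelated mapping
}
ROLE_PERMS = {"TestRole": {"permission1"}, "OtherRole": {"permission2"}}
USER1_GROUPS = {"TestGroup"}

if __name__ == "__main__":
    # "BigFix User 1" with no mapped group: permission1 is reported as a gap.
    print(conversion_gaps(USER1_GROUPS, set(), GROUP_ROLES, ROLE_PERMS))
    # "BigFix User 1" in newTestGroup (mapped to TestRole): no gap.
    print(conversion_gaps(USER1_GROUPS, {"newTestGroup"}, GROUP_ROLES, ROLE_PERMS))
```

An empty result means every role the old operator reached through a group is also reachable through a group of the chosen Identity Provider user.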