Configured Directory Services for my Active Directory users. When an Active Directory user logs into Foglight for the first time, they receive the message:
"You logged in as user 'AD_user_name' and do not have access to the application".
I would like AD users to be able to log in to Foglight successfully the first time. I don't want to have to assign each AD user the Roles (abilities) in Foglight. I guess what I'm looking for is a way to grant AD group membership the abilities (Roles) in the Foglight application.
When an Active Directory user logs into Foglight for the first time, the following message is displayed:
"You logged in as user 'AD_user_name' and do not have access to the application".
When this happens, the user account is automatically added to the Users area of the Foglight database and can be seen at:
Admin Console | Administration | Users & Security | Manage Users
In addition, every Active Directory group that the user is a member of is added as an 'External' group to the Foglight database and can be seen at:
Admin Console | Administration | Users & Security | Manage Groups
Because of this, Foglight abilities (Roles) can be granted to the AD 'External' groups in Foglight, thereby giving ANY user in AD who is a member of that AD group those Foglight abilities.
The procedure is broken down step by step below, showing where each operation is performed: in the Microsoft MMC or in the Foglight application.
1. Microsoft MMC: Create a user in AD and put that user into an AD group which will be used later to grant users access and abilities in Foglight.
2. Foglight Application: Attempt to log in as that AD user. You will get the initial login message which says the user doesn't have access to Foglight - this is expected.
3. Foglight Application: Next, log in as 'foglight'. Go to: Admin Console | Administration | Users & Security | Manage Users. You will see the account created here that you tried logging in with in step 2 - grant that user the Role (ability) to log in to Foglight.
4. Foglight Application: Log out and back in as the user from step 1.
5. Foglight Application: Go to: Admin Console | Administration | Users & Security | Manage Groups. You will see that Foglight has added all the Active Directory groups that your user is a member of (they are considered 'External' groups). Highlight the 'External' group that you want to grant Foglight abilities (Roles) to, click on 'Edit Roles' and assign Foglight Roles (abilities) to this group.
6. Microsoft MMC: Now, in Active Directory, put all of the AD users that you want to have those Foglight abilities into the same AD group that you created in step 1. When they log in to Foglight for the first time, they will be able to immediately use the Foglight Admin Console.
Note: 'External' Users and Groups cannot be added, nor can their membership be modified. External Users and Groups are created, and their membership is set, "automatically" when an LDAP (Active Directory and other LDAPs) user logs in. The only modification you can make to External Users and Groups is to grant them Roles (abilities) in Foglight.
Note2:
If the AD group name is the same as a Foglight built-in group name, then Foglight will treat the user as if it was added internally to the Foglight group, and not from LDAP. This means the user will not be updated from LDAP (i.e. if the user is removed from the AD group, Foglight will not reflect the change).
If the AD group name is different from the Foglight Built in Group name, the group will be labeled external and will always get the updated user information from LDAP.
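Steps 1 and 6 can also be scripted with the ActiveDirectory PowerShell module, with a guard for the name collision described in Note2. This is an added example, not Quest's own code: the group name, OU path and account names are hypothetical, and the built-in group names are placeholders to be replaced with the names shown under Manage Groups in your Foglight instance.

```powershell
# Added example: create the AD group used for Foglight role mapping (steps 1 and 6)
# and refuse a name that matches a Foglight built-in group (Note2).
Import-Module ActiveDirectory

# Hypothetical values; replace with your own.
$GroupName = 'FGL-Monitoring-Users'
$GroupPath = 'OU=Groups,DC=example,DC=com'
$Members   = @('jdoe', 'asmith')          # sAMAccountNames

# Placeholders: copy the built-in group names by hand from
# Admin Console | Administration | Users & Security | Manage Groups.
$FoglightBuiltInGroups = @('<built-in group name 1>', '<built-in group name 2>')

# Note2: if the names match, Foglight treats the user as an internal member and
# no longer picks up removals from the AD group. -contains ignores case, which
# is the cautious choice (assumption: Foglight's own comparison is not documented here).
if ($FoglightBuiltInGroups -contains $GroupName) {
    throw "'$GroupName' matches a Foglight built-in group name; choose a different name."
}

# Step 1: create the group only if it does not exist yet.
if (-not (Get-ADGroup -Filter "Name -eq '$GroupName'")) {
    New-ADGroup -Name $GroupName -SamAccountName $GroupName `
                -GroupScope Global -GroupCategory Security -Path $GroupPath
}

# Step 6: add only the accounts that are not already members.
$current = Get-ADGroupMember -Identity $GroupName |
           Select-Object -ExpandProperty SamAccountName
$toAdd   = $Members | Where-Object { $current -notcontains $_ }
if ($toAdd) {
    Add-ADGroupMember -Identity $GroupName -Members $toAdd
}

# Audit: report AD groups that already share a name with a Foglight built-in
# group, since their members would not be treated as 'External'.
foreach ($name in $FoglightBuiltInGroups) {
    Get-ADGroup -Filter "Name -eq '$name'" |
        Select-Object Name, DistinguishedName
}
```

Role assignment to the resulting 'External' group (step 5) is still done in the Foglight Admin Console after a member of the group has logged in once.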