# AD Group Mapping

Before you can map Active Directory (AD) groups to roles in WorkSpaces Manager, you first need to create and validate the AD groups. You can do this by following the instructions on the [Active Directory Groups](/admin/security-section/active-directory-groups.md) page.

Now that the groups have been validated, you can map them to roles to create a WSM role. Go to **Security** > **Roles** and click **Create Role**, enter a Name, and click **Create**.

<figure><img src="/files/6Q47xueoIcHfDHb7mMWL" alt=""><figcaption></figcaption></figure>

Once the role has been created, click on it to open the configuration page. In the top-left corner, you'll see the **"AD Group Mapping"** dropdown. From there, select the **Active Directory Group** you want to associate with this role.

Next, define the permissions for the role. In this example, we're assigning the WSMTest AD group and granting users access only to the Admin and WorkSpaces tabs. This ensures users in that group have restricted, role-specific access when using WorkSpaces Manager.

<figure><img src="/files/rDdl1TuH1ks36dfjn9cS" alt=""><figcaption></figcaption></figure>

Users who belong to the mapped Active Directory group will automatically have the assigned role applied to them in Portal Users within WorkSpaces Manager.

<figure><img src="/files/XrnTuWJF82QFpcQ3fbNN" alt=""><figcaption></figcaption></figure>

When users log in to the portal, they authenticate using their Active Directory credentials (e.g., `Domain\username`). Once logged in, they see only the sections and functionality that correspond to the permissions assigned to their mapped role.

Refer to the example below to see how these role-based permissions are reflected in the user interface.

<figure><img src="/files/wyTTPahKBRE6iHMA8kI2" alt=""><figcaption></figcaption></figure>


