Starting with Resilio Connect v3.6.0 it's possible to disable local user accounts on the Management Console, leaving only domain users (AzureAD and LDAP accounts).
1. Local user accounts should only be disabled AFTER a connection to AD has been configured and verified to be working, i.e. domain users can successfully login to the MC.
2. At least one domain user MUST have SuperAdmin permissions on the MC.
3. FOR API Users: All API keys and mail notifications, previously configured for local users, will cease working if local users are disabled on the Management Console until these Accounts are enabled back
Disabling local user account
1. Make sure that connection to Active directory is configured and AD users can successfully login to the MC. At least one user has SuperAdmin permissions.
2. Stop Resilio Connect Management Console process.
3. Edit MC configuration file and add the following section to top level of the json. Be sure to preserve the json format of the config file.
"security": { "local_accounts": false },
4. Start Resilio Connect Management Console.
Changes in MC after disabling local account
After the local accounts are disabled, some changes in MC functionality and UI can be observed.
Trying to login with local username/password will give error "Wrong credentials" Also, if LDAP is not configured, login screen will only allow to log in via Azure AD.
Table with local users accounts will be hidden from tab Users.
It will be not possible to create users or reset their passwords using command line.
API keys and mail notifications, configured for the local users, will stop working.
API call /users
or /groups
will return status 'active' or 'disabled' accordingly.
Automatically bootstrapping MC with such a config file (with disabled local users) is not supported and won't work.