can we install bigfix server in workgroup.
Required Domain BigFix server and Work group bigfix server advantages and disadvantages.
Yes, BigFix Server can be installed in a workgroup environment, and it is fully functional. However, this setup is generally recommended only for testing, lab environments, isolated networks, or POC scenarios where AD is not available or required.
For production use, HCL recommends installing the BigFix Server in a domain-joined environment for better security, manageability, and scalability.
- Scalability: Workgroup is not ideal for enterprise level deployments; Domain is better suited for large environments.
- Authentication: AD-based authentication is only available with Domain setups, for example: missing LDAP user addition & AD Security group based roles.
- Single Sign-On: Works only with Domain-joined systems, not supported in workgroup mode.
- Security: Workgroup setups are generally considered less secure.
- Integration: Domain setups integrate better with enterprise tools.
Wait. BigFix can natively use any AD, EntraID or LDAP for authentication, regardless your server is in a domain or not. You will only miss Windows session credentials login. SAML and SSO will work as well.
BigFix administrators often use Windows policy to deploy new agents, but this is not a native functionality of BigFix, as it offers its own tool for agent deployment.
Generally speaking, choosing a domain or a workgroup mainly affects your infrastructure, not BigFix functionalities.
Right, I don’t know that we have any recommendation of Workgroup vs Domain, and often I install outside of a Domain environment to limit permissions on the root server itself. Some of our largest deployments in fact are Linux-based with no Domain membership at all.
Logons for the Console itself could be tied to AD, Entra, Okta, or other identity providers, even if the server itself is not a member of any Domain.