The Active Directory Synchronization Screen


The Active Directory Synchronization screen allows you to map AD Organizational Units to Roles or Groups in SSO Passport. A user who belongs to one or more Organizational Units is assigned to the specified Group or Role when they log into SSO Passport. If multiple Groups or Roles are mapped to a single Organizational Unit, or if the user belongs to more than one Organizational Unit, then SSO Passport will perform a “best match” Group or Role mapping for that user. You must add at least one AD server (see Adding an AD Server; opens a new article) before performing an AD synchronization.


The Active Directory Synchronization screen appears when you either:

  • Click the LDAP Sync (gear) icon in the Users screen.

  • Select Users>Active Directory Sync in the Toolbar.


The Active Directory Synchronization screen is divided into the following three areas:

  • Top navigation: This section of the Active Directory Synchronization screen allows you to select an Organization or sub-organization, select an existing AD server, or add a new AD server. See Top Navigation Section.

  • Server section: This section of the Active Directory Synchronization screen displays the currently selected AD server and allows you to sync with the server, edit the server, or remove the server from SSO Passport. See Server Section.

  • Mapping section: This section of the Active Directory Synchronization screen allows you to work with Role and/or Group mappings to AD OUs and to import Groups from AD OUs. See Mapping Section.

 


Top Navigation Section

The top of the Active Directory Synchronization screen appears as follows:

This section contains the following functions:

  • Organization: Use this pull-down menu to select the Organization for which you will be adding/editing/removing AD settings.

  • Server: Use this pull-down menu to select a server that has already been added to the selected Organization.

  • Add Server: Clicking the Add Server button opens the LDAP Server popup, which allows you to add a new AD server to the selected Organization. See Adding an AD Server (opens a new article).

 


Server Section

Selecting a server using the Server pull-down menu displays that server in the Server section of the Active Directory Synchronization screen:

This section displays the following information and functions:

  • Name of the server.

  • Hostname of the server.

  • Synchronization schedule: This will say either Disabled or specify the interval between synchronizations of SSO Passport with that AD server.

  • Status: Shows whether the server is accessible over the network.

  • Run sync button: Schedules a synchronization to run at the nearest opportunity.

  • Delete: Deletes the selected server.

  • Edit Server Options: Opens a pop-up with the server’s configuration.

 


Mapping Section

The Mapping section displays the existing Role/Group mappings between the selected AD server and SSO Passport. It also allows you to add, edit, and remove mappings. This section has two tabs:

  • Roles & Groups: This tab allows you to map OUs from the AD server to Roles, Groups, and grades within SSO Passport. See Roles & Groups Tab.

  • Groups Import: This tab allows you to import OUs from the AD server as SSO Passport Groups. See Groups Import Tab.


Roles & Groups Tab

The Roles & Groups tab in the Mapping section of the Active Directory Synchronization screen allows you to map OUs on the AD server to SSO Passport Roles, Groups, and grades.

This tab contains the following information and functions:

  • OU or Group: The AD OU being mapped.

  • ETA Role or Group: SSO Passport Role or Group to which the AD OU has been mapped.

  • Add Mapping: Clicking add mapping (+) expands the Mapping section to allow you to add a new OU mapping. See Adding a Role/Group Mapping (opens a new article).

  • Edit: Clicking the Edit button for an existing mapping expands the Mapping section and displays the properties of the selected mapping for editing. See Editing a Role/Group Mapping (opens a new article).

  • Remove: Clicking the Remove button for an existing mapping removes that mapping from SSO Passport.

 

 

CAUTION: REMOVING A MAPPING WILL REMOVE THE ABILITY OF ALL AFFECTED USERS TO ACCESS SSO Passport.


Groups Import Tab

The Groups Import tab in the Mapping section of the Active Directory Synchronization screen allows you to import AD OUs as SSO Passport Groups.

This tab contains the following information and functions:

  • Parent OUs: AD OU(s) from which the SSO Passport Group was imported.

  • Group Name Pattern: Name of the imported Group in SSO Passport.

  • Add Mapping: Clicking add mapping (+) expands the Mapping section to allow you to import a new AD OU. See Importing Groups (opens a new article).

  • Edit: Clicking the Edit button for an existing mapping expands the Mapping section and displays the properties of the selected mapping for editing. See Editing an Imported Group (opens a new article).

  • Remove: Clicking the Remove button for an existing mapping removes that mapping from SSO Passport.

 

 

CAUTION: REMOVING AN IMPORTED GROUP WILL REMOVE THAT GROUP FROM SSO Passport.