Active Directory Questions

Comments

  • We will be implementing Active Directory sync within a client project. The end client is asking a couple of specific questions that I did not see in the documentation.

    1 - is it possible to disable logging in without Active Directory sync?

    2 - related, If a user is manually created, put in groups, will the AD sync remove them from the groups when the job next runs?

  • 1 - is it possible to disable logging in without Active Directory sync?

      • Can you confirm the use case for this? The default admin account would still have to be enabled, but all other user accounts can have an authentication type other than Password (excluding SYSTEM, GUEST, & EXTERNAL SYSTEM).

    2 - related, If a user is manually created, put in groups, will the AD sync remove them from the groups when the job next runs?

      • No, AD sync doesn't alter local accounts in this case, it looks for AD account type (authentication_type = ActiveDirectory) - non-AD accounts should remain untouched.

    Manually created accounts can be forcefully disabled by creating a Scheduled Job which fetches all Accounts with Password as the value for their authentication_type property (excluding the local admin account, SYSTEM, GUEST, & EXTERNAL SYSTEM), setting their is_active and can_use_portal properties as 0/False, and saving them. Groups can be synced from Active Directory, but their permissions will have to be configured for the Decisions side.
