Active Directory role mappings
The Role Mappings feature maps Active Directory (AD) security groups to one or multiple roles in the Control Room. This allows the Enterprise Control Room to synchronize with the AD and assigns the correct roles to the users, and accessing objects such as bots, devices, folders, credentials, Credential Vault lockers).
You can add various role mappings in the Control Room: Map Active Directory roles
- User creation
- All the security groups that a user belongs to in the AD are retrieved and roles are automatically assigned to that user based on the mappings.
- User login
- Every time a user logs in, the Control Room validates the mappings, the current security group memberships, and assigned roles before confirming any required changes.
- Automated background process
- This process is initiated based on the defined time period set on the Active Directory role mappings page. It synchronizes all the mappings before synchronizing roles for every user in the Control Room based on the updated mappings: Synchronize role mappings
- All the roles assigned through role mappings are designated as
system-assigned roles. The Control Room admin can assign
additional roles to users if required. However, the system-assigned
roles of the users cannot be removed.Note: The system-assigned roles can be changed or removed only from mappings.