Map up to 1000 Active Directory groups to roles
- Updated: 2021/07/27
Starting from Version 11.3.4.2, you can map 1000 Active Directory groups (increased from 200) to user roles in the Control Room by defining the domain, organizational unit, and prefix for groups of the organizational unit in the um.properties file.
The following special characters are used in the um.properties file to separate domains, organizational units, or security groups: comma (,), colon (:), ampersand (&), or pipe (|). Therefore, if any of your Active Directory entities have names that include these special characters, escape each such character by preceding it with a double backslash.
For example:
domain name 1: sameenterprise.com
(in domain 1) OU name 1 : marketing,finance
(in domain 1) OU name 2 : engineering
(in domain 1 OU 1) Group name: groupA
(in domain 1 OU 1) Group name: groupB&C
(in domain 1 OU 2) Group name: groupC|A
domain name 2: asia.sameenterprise.com
(in domain 2) OU name 1: sales:hr
(in domain 2 OU 1) Group name: AsiaGroup
In this example, the special characters (,), (:), (&), and (|) in the organizational unit names "marketing,finance" and "sales:hr" and in the group names "groupB&C" and "groupC|A" are each preceded with "\\" to escape them. The result appears as follows:
(in domain 1) OU name 1 : marketing\\,finance
(in domain 1) OU name 2 : engineering
(in domain 1 OU 1) Group name: groupA
(in domain 1 OU 1) Group name: groupB\\&C
(in domain 1 OU 2) Group name: groupC\\|A
domain name 2: asia.sameenterprise.com
(in domain 2) OU name 1: sales\\:hr
(in domain 2 OU 1) Group name: AsiaGroup
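
The escaping rule above, as an added example that is not part of the original documentation or the product's own code: it escapes Active Directory names before they are written to um.properties and shows how an unescaped separator would split one name into two, which would map the wrong group. The function names and the use of a comma to join a list of names are assumptions, since the page does not show the property keys or the full value syntax; names that themselves contain a backslash are not covered.

```python
import re

# Separator characters the page lists for um.properties.
SPECIALS = ",:&|"
# Two literal backslash characters, exactly as written in the page's result.
ESCAPE = "\\\\"

def escape_name(name):
    """Put a double backslash in front of every separator character."""
    return re.sub(r"([,:&|])", lambda m: ESCAPE + m.group(1), name)

def unescape_name(text):
    """Reverse escape_name: drop the double backslash before a separator."""
    return re.sub(r"\\\\([,:&|])", r"\1", text)

def needs_escaping(names):
    """Return the names that contain at least one separator character."""
    return [n for n in names if any(c in n for c in SPECIALS)]

def join_escaped(names, sep=","):
    """Join names with sep (assumed list separator) after escaping each one."""
    return sep.join(escape_name(n) for n in names)

def split_unescaped(text, sep=","):
    """Split on sep only where it is not preceded by the double backslash."""
    parts = re.split(r"(?<!\\\\)" + re.escape(sep), text)
    return [unescape_name(p) for p in parts]

# Names taken from the page's example.
PAGE_NAMES = ["marketing,finance", "engineering", "groupA",
              "groupB&C", "groupC|A", "sales:hr", "AsiaGroup"]

def demo():
    ous = ["marketing,finance", "engineering"]
    naive = ",".join(ous)        # no escaping: the OU name breaks apart
    safe = join_escaped(ous)     # escaped: the OU name survives the split
    return {
        "flagged": needs_escaping(PAGE_NAMES),
        "naive_split": split_unescaped(naive),
        "safe_text": safe,
        "safe_split": split_unescaped(safe),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "=", value)
```

Run `needs_escaping` over the group and OU names exported from the directory before editing the file, so that every name carrying a separator character is escaped rather than silently split.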