Read and Review Automation Anywhere Documentation

Automation 360

Close Contents


Open Contents

Create Active Directory role mapping

  • Updated: 2021/10/05
    • Automation 360 v.x
    • Manage
    • RPA Workspace

Create Active Directory role mapping

When users are created, they automatically inherit the roles assigned to their Active Directory security groups. Create the mapping before synchronizing the user and roles during the user login or background process.


To complete the task, you must have AAE_Admin role assigned to you. Ensure you are logged in to the Control Room as the administrator.
In order to create a role mapping, as the administrator will have to provide the following information:
  • Unique mapping name.
  • The targeted domain where the security groups will pulling the credentials from (see for details).

In order to avoid to import a long list of users, a specific security group should be created on the AD side that has only the users who will access Control Room is recommended.

Map a single AD security group to one or more Control Room roles. Create any roles you want to use with the Active Directory security groups. You can also use the default roles available in the Control Room. .
Note: It is not recommended that the AAE_Admin role not be used.


  1. Log in to the Control Room.
  2. Navigate to Administration > Roles.
  3. Click Active Directory Role Mapping.
  4. Click Create Role Mapping.
  5. Enter the Name.
  6. Click the Active Directory domain drop-down and select an available domain.
  7. Use the Active Directory security group field to search for a group.
    For example, if you have a group named Certified Publishers, search for Certified. All the groups that contain Certified in their name are listed in GROUPS.
  8. Choose whether Import users or Do not import users.
    Import users All the users who are assigned for the selected security group will be created and assign the mapped roles and licenses in Control Room. If users already exist in Control Room, they will be updated with the latest roles and licenses from the mapping.

    If synchronization process is enabled and triggered, the existing Control Room users will have the updated roles and licenses from the mapping.

    If there are new users added to the security group on the Active Directory side, these users will be created in the Control Room.

    If there are users removed from the security group, these users will be deleted from Control Room.

    Do not import users
    After the role mapping is created; no user will be created in Control Room. How this mapping is being used in this deployment:
    • On the Create user configuration page, when you create a new user, the role(s) will automatically be assigned to the new user if any of the user security group maps to the existing role mapping.
    • If synchronization process is enabled and triggered, any existing Control Room users whose security group maps to any role mappings will get the role assignment updated.
  9. Click the right arrow () to add your selection.
  10. Select a Role from the list of Available roles.
  11. Click the right arrow () to add your selection.
  12. Select the device licenses to assign to the security group.
    License mapping is only supported when the Import users options is selected.
    Note: The Do not import users option does not support license assignment. Administrators will be required to map the licenses manually for users.
  13. Click Create Mappings.

When the synchronization runs, all users with the assigned roles are updated.

Send Feedback