Read and Review Automation Anywhere Documentation

Automation 360

Close Contents

Contents

Open Contents

Manage Active Directory role mapping

  • Updated: 9/30/2021
    • Automation 360 v.x
    • Manage
    • RPA Workspace

Manage Active Directory role mapping

An administrator or a user with permission to view and manage roles can view the details of the available Active Directory role mappings.

Prerequisites

This task is performed by the Control Room administrator. You must have the necessary rights and permissions to complete this task. Ensure you are logged in to the Control Room as the administrator.

By default, the Control Room will retrieve all security groups from the Users directory.

To create role mappings with filters for the Users directory along with other organizational units (OU), you must update the um.properties file. In the Control Room, the Users directory is considered similar to the OUs. Therefore, you must define the filter in the um.properties file.

For example, set the filter in the file as follows:
um.ldap.groupmapping.domain.filter='mydomain.com:OU1&groupFilter|OU2&groupFilter|Users&groupFilter'
Note: Group filters such as groupFilter are optional.
In this example, by applying this change to the um.properties directs the Control Room to perform the following tasks:
  1. Go to domain mydomain.com
  2. Retrieve all security groups from Organization Unit OU1 that have the group name starts with groupFilter.
  3. Retrieve all security groups from Organization Unit OU2 that have the group name starts with groupFilter.
  4. Retrieve all security groups from Users directory that have the group name starts with groupFilter.

This setting ensures that the users from the organization units OU1 and OU2 will be retrieved in addition to the Users directory.

Multiple Domain Mapping

Mapping supports multiple domains separated by a coma.

um.ldap.groupmapping.domain.filter='mydomain.com:OU1&groupFilter|OU2&groupFilter|Users&groupFilter,mydomain2.com:OU3|OU4'
In the example above, the Control Room will perform the additional processes:
  1. Go to domain mydomain2.com
  2. Retrieve all security groups from Organization Unit OU3.
  3. Retrieve all security groups from Organization Unit OU4.

Retrieving security groups from nested OUs

Example for retrieving security groups from nested OUs.

In the following example organization, consider "Marketing" as the parent OU with additional nested OUs and security groups located in each of these nested OUs.

  • Marketing
    • Group 1
    • Group 2
    • US_OU
      • Group 3
      • California_OU
        • Group 4
        • NoCal_OU
          • Group 5
        • SoCal_OU
          • Group 6
By adding the following entry, Control Room will retrieve all groups, group1, group2, group3, group4, group5 and group6 from Marketing and the nested OUs.
um.ldap.groupmapping.domain.filter='mydomain.com:Marketing'
Note: Providing nested OU in the entry is not supported.

Active Directory role mapping

Navigate to Administration > > Roles > Active Directory Role Mapping and the page displays any role mappings that have been created in the Control Room. From here, these role mappings can be viewed or edited. You can also create new role mappings or restart the role synchronization process between the Control Room and AD.

This synchronization process is triggered once a day (1440 minutes) by default once enabled. Synchronizations can be triggered in any interval by changing the number of minutes. It is recommended that interval settings be larger as the represented by the default.

One or more available role mappings that match your search criteria appear in the Role Mapping table.
Send Feedback