Synchronize role mappings

You can synchronize the role mappings from the Active Directory role mappings page, or automate it to synchronize when the user role sync background process is triggered.

You can use the Cancel Sync option to turn off the periodic automatic sync. This process can then be triggered manually using the Sync roles from Active Directory option, which starts immediately and continues to run based on the time interval set.

Note: As this can be a time-consuming and expensive operation, set the role synchronization time period to the default value of 1440 minutes (1 day).
Note: Nested mapping is currently not supported.

For example, assume that an AD has a parent group and a child group called 'pGroup' and 'cGroup' respectively. The user 'Paul' is part of 'pGroup'. In the Control Room, a mapping is created to map 'pGroup' to Role1 and Role2. Another mapping is created to map 'cGroup' to Role3.

As only direct mapping is supported in the Control Room, 'Paul' is automatically mapped to only Role1 and Role2.

The role mappings must be synchronized during the following scenarios:

  • Changes to AD groups.

    If any group that is mapped is deleted from the AD, the mappings must be validated before being deleted as the group is no longer available.

  • Update to the license file.

    Updating the license file can change the available roles. Mappings must be synchronized before updating the roles.

    Note: After a sync, the user must wait a few seconds for the updated changes to appear.
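
The following added example (not Control Room code) models the direct-only mapping rule and the deleted-group case described above, so an administrator can see which roles a user will not receive through nesting and which mappings need validation. The user 'dana', the group 'oldGroup', Role4 and the nesting direction (cGroup as a member of pGroup) are assumptions made for illustration.

```python
# Constructed sample data. Group and role names follow the page's example;
# "dana", "oldGroup", "Role4" and the nesting direction are assumptions.
AD_GROUPS = {"pGroup", "cGroup"}               # groups that currently exist in AD
GROUP_MEMBER_OF = {"cGroup": {"pGroup"}}       # assumed: cGroup is nested in pGroup
USER_GROUPS = {"Paul": {"pGroup"}, "dana": {"cGroup"}}   # direct memberships
ROLE_MAPPINGS = {
    "pGroup": {"Role1", "Role2"},
    "cGroup": {"Role3"},
    "oldGroup": {"Role4"},                     # constructed: group deleted from AD
}

def direct_roles(user):
    """Roles granted when only direct group membership is honoured."""
    roles = set()
    for group in USER_GROUPS.get(user, ()):
        roles |= ROLE_MAPPINGS.get(group, set())
    return roles

def transitive_groups(user):
    """Direct groups plus every group reached through nesting (cycle-safe)."""
    seen, stack = set(), list(USER_GROUPS.get(user, ()))
    while stack:
        group = stack.pop()
        if group not in seen:
            seen.add(group)
            stack.extend(GROUP_MEMBER_OF.get(group, ()))
    return seen

def nested_only_roles(user):
    """Roles a user would hold only if nested groups were expanded."""
    expanded = set()
    for group in transitive_groups(user):
        expanded |= ROLE_MAPPINGS.get(group, set())
    return expanded - direct_roles(user)

def stale_mappings():
    """Mapped groups that no longer exist in AD and need validation."""
    return sorted(g for g in ROLE_MAPPINGS if g not in AD_GROUPS)

if __name__ == "__main__":
    for user in sorted(USER_GROUPS):
        print(user, sorted(direct_roles(user)),
              "not granted via nesting:", sorted(nested_only_roles(user)))
    print("stale mappings:", stale_mappings())
```

A non-empty result from nested_only_roles means the user needs a direct mapping for those roles, because membership inherited through a nested group does not grant them.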