Active Directory role mappings

The Role Mappings feature maps Active Directory (AD) security groups to one or multiple roles in the Control Room. This allows the Enterprise Control Room to synchronize with the AD and assigns the correct roles to the users, and accessing objects such as bots, devices, folders, credentials, Credential Vault lockers).

You can add various role mappings in the Control Room: Map Active Directory roles

Based on the mapping information, user roles are assigned in multiple ways:
User creation
All the security groups that a user belongs to in the AD are retrieved and roles are automatically assigned to that user based on the mappings.
User login
Every time a user logs in, the Control Room validates the mappings, the current security group memberships, and assigned roles before confirming any required changes.
Automated background process
This process is initiated based on the defined time period set on the Active Directory role mappings page. It synchronizes all the mappings before synchronizing roles for every user in the Control Room based on the updated mappings: Synchronize role mappings
All the roles assigned through role mappings are designated as system-assigned roles. The Control Room admin can assign additional roles to users if required. However, the system-assigned roles of the users cannot be removed.
Note: The system-assigned roles can be changed or removed only from mappings.