Map up to 1000 Active Directory groups to roles
Starting from Version 22.214.171.124, you can now map 1000 Active Directory groups (increased from 200) to user roles in the Control Room by defining the domain, organizational unit, and prefix for groups of the organization unit in the um.properties file.
The following special characters are used in the um.properties file to separate domains, organization units, or security groups: comma (,), colon (:), ampersand (&), or pipe (|). Therefore, if any of your Active Directory entities have names that include these special characters, escape these characters by preceding them with a double backslash.
domain name 1: sameenterprise.com (in domain 1) OU name 1 : marketing,finance (in domain 1) OU name 2 : engineering (in domain 1 OU 1) Group name: groupA (in domain 1 OU 1) Group name: groupB&C (in domain 1 OU 2) Group name: groupC|A domain name 2: asia.sameenterprise.com (in domain 2) OU name 1: sales:hr (in domain 2 OU 1) Group name: AsiaGroup
(in domain 1) OU name 1 : marketing\\,finance (in domain 1) OU name 2 : engineering (in domain 1 OU 1) Group name: groupA (in domain 1 OU 1) Group name: groupB\\&C (in domain 1 OU 2) Group name: groupC\\|A domain name 2: asia.sameenterprise.com (in domain 2) OU name 1: sales\\:hr (in domain 2 OU 1) Group name: AsiaGroup
- Go to the Control Room installation path.
- From the list of files, open the um.properties file with an XML editor such as Notepad++.
Define the domain, organization unit, and prefix for the groups of the
organization unit in the um.properties file:
um.ldap.groupmapping.domain.filter='<domain>:<organization unit>&<prefix for the groups of the OU>'|'<organization unit>&<prefix for the groups of the OU>'.
Repeat for the other domains.For example:
um.ldap.groupmapping.domain.filter='sameenterprise.com:marketing&groupA&groupB|engineering&groupC,asia.sameenterprise.com:sales&AsiaGroup|eng-ou&engGroup2'If the domain
samenterprise.comis selected, security groups starting with groupA or groupB will be retrieved from the
marketingorganization unit. If the domain
asia.samenterprise.comis selected, any security groups starting with
salesorganization unit or security groups starting with
eng-ouorganization unit will be retrieved.Note: You can search for Active Directory groups that are defined in the um.properties file. Nested organization units are not supported.
- Save the file and restart these services: Automation Anywhere Control Room Caching, Automation Anywhere Control Room Messaging, and Automation Anywhere Control Room Service.