Version: 3.25

Create Active Directory (AD) Users and Group Synchronization

Requirements

Configure group synchronization

info

The senhasegura user synchronization service runs every three minutes.

AD group synchronization is available through the Group Synchronization menu. A synchronized group tracks the users who are added to or removed from the specified Active Directory group, and authentication in senhasegura reflects those changes.

1. Create a new LDAP/AD group synchronization using the view actions button ( ⁝ ) at the top right

Each record is a separate synchronization rule. Rules may query the same LDAP server or different servers.

2. Fill the settings tab

LDAP/Group Form

In the configuration form you will:

  • Set a name for the rule.
  • Configure which server should be queried.
  • Define the DN filter to use. This filter is an LDAP query that collects the group and user information. If you need more information about LDAP queries with AD, check this article.

Keep synchronization disabled while you are setting up the rule, to avoid creating the wrong users.

info

The field 'User Filter' supports up to 2048 characters.
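An added example, not taken from the senhasegura documentation: a small Python helper that builds an Active Directory user filter for one group, escapes the group DN per RFC 4515, and enforces the 2048-character limit. The group DN is a constructed sample, and the choice to follow nested groups and skip disabled accounts is an assumption about what a rule should match, not a product requirement.

```python
# Added example: build and sanity-check an AD user filter for a sync rule.
MAX_FILTER_LEN = 2048  # limit stated for the 'User Filter' field

# Active Directory matching-rule OIDs
IN_CHAIN = "1.2.840.113556.1.4.1941"  # LDAP_MATCHING_RULE_IN_CHAIN (nested groups)
BIT_AND = "1.2.840.113556.1.4.803"    # LDAP_MATCHING_RULE_BIT_AND
UAC_ACCOUNTDISABLE = 2                # userAccountControl flag: account disabled


def escape_filter_value(value: str) -> str:
    """Escape a value for use inside an LDAP filter (RFC 4515)."""
    out = []
    for byte in value.encode("utf-8"):
        ch = chr(byte)
        if ch in "\\*()" or byte == 0 or byte > 0x7F:
            out.append(f"\\{byte:02x}")  # e.g. "(" becomes "\28"
        else:
            out.append(ch)
    return "".join(out)


def build_user_filter(group_dn: str, nested: bool = True,
                      skip_disabled: bool = True) -> str:
    """Return a filter matching user accounts that belong to group_dn."""
    member_attr = f"memberOf:{IN_CHAIN}:" if nested else "memberOf"
    clauses = [
        "(objectCategory=person)",
        "(objectClass=user)",
        f"({member_attr}={escape_filter_value(group_dn)})",
    ]
    if skip_disabled:
        clauses.append(f"(!(userAccountControl:{BIT_AND}:={UAC_ACCOUNTDISABLE}))")
    ldap_filter = "(&" + "".join(clauses) + ")"
    if len(ldap_filter) > MAX_FILTER_LEN:
        raise ValueError(
            f"filter is {len(ldap_filter)} characters, limit is {MAX_FILTER_LEN}")
    return ldap_filter


if __name__ == "__main__":
    # Constructed sample DN; the parentheses must be escaped inside a filter.
    print(build_user_filter("CN=PAM Admins (Tier 0),OU=Groups,DC=example,DC=com"))
```

Without the escaping step, a group name containing parentheses or an asterisk changes the structure of the filter, and the rule can match a different set of users than intended.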

3. Define the group users roles

LDAP/Group Roles

4. Define group users Access Groups

Be sure to create an Access Group. Otherwise, you can start the synchronization group and change the Access Group definition later.

LDAP/Group Access Group

5. Simulate the users group synchronization

To check that the synchronization is working and returning the correct users, you can run a synchronization test: click the group action button ( ) and select Synchronization test.

Synchronization test screen

Notice the result. senhasegura will print the accounts that will be created, modified or maintained.

6. Enable synchronization

If you agree with the result presented, click Edit Group, enable synchronization in the configuration, and save.

Group Sync and Change user permission manually

Once synchronization is enabled, it should be how you manage your senhasegura users' permissions. If you manually change a user's Role and Access Group in the User management section, the change will be overwritten by the group synchronization.

In Settings ➔ Authentication ➔ Active Directory ➔ AD/LDAP Groups x Access Groups, you can filter the access groups with the following parameters:

  • ID: Identifier number

  • Name: Access group name

  • Server: LDAP server IP or address

  • Last synchronization: When the last synchronization occurred

  • Active synchronization: Shows if synchronization is active

  • Access Group (Approver): Which access group approver

  • Access Group (User): Which access group the user belongs to

  • Enabled: Shows if the access group is active

  • Action: edit actions, user preview, sync logs, and sync test