Skip to main content

Security Group Assignment

Alex Mead
Updated

AD Connector

Step-by-step guide

 

This guide will show you how to assign security groups to newly created AD objects as part of the New Starter process.

Contents

 

Introduction

During user creation within the AD Connector, it is possible to assign newly created objects to security groups. This functionality can be driven either as default group assignment or based on a specific logic to achieve role based access. Groups are only assigned at point of user creation, IT are welcome to make any required changes to user objects post creation and the service will have no impact.

The service account that runs the AD Connector service must have the relevant permissions to assign security groups.

Setting group assignments

Go to the following area:

  • Login to your AD Connector portal (IT Access only)
  • Workflow Configuration > New Starter - User Creation > Edit Chart > Assign Security Groups > Edit


Setting default groups for all users

Where you want to assign groups to all users when created, this can be done by editing the attached condition. 

  • Property value is set as "UserGuid"
  • Operation is set as "IsNotNull"

You can then set as many security groups as you wish by setting the "Output Values" and populating this with the FQDN of the group and clicking each opportunity to save until you return to the main workflow chart.

Role based access

It is also possible to assign groups to all users based on their role. This can be done by editing the attached condition. 

  • Property value is set as role requirements (department/job title/location)
  • Operation is set as Equals
  • Target Value is set as condition (e.g Human Resources)

You can then set as many security groups as you wish by setting the "Output Values" and populating this with the FQDN of the group and clicking Save.

You can add multiple conditions to accommodate any role requirements by clicking Add Combination and adding new logic.

Please note that the assignment will stop once it finds the first true condition and will exit back to the core workflow. 

Enabling the group assignment

Once you have configured the group assignment, it can be enabled under the global variables. Guidance for this can be found in the associated KB article.

 

Footer

Related to

Related articles

Comments

0 comments

Article is closed for comments.