Scheduler task: Active Directory Import

This task imports users from Active Directory groups into Axiom Software security. For more information on using Active Directory integration with Axiom Software, see Synchronizing users with Active Directory.

This task has three tabs of settings: Source Directory, Notification, and Preview Import.

NOTE: The user running this task must be an administrator or have the Administer Security permission.

For Cloud Service systems, this task can import users from your local Active Directory by use of the Axiom Software Cloud Integration Service. If you have a remote data connection that is enabled for user authentication, this task will use that connection when the job is executed by a Scheduler server. For more information, see Managing remote data connections.

Source Directory tab

On this tab, you specify the domain to import from and the groups to import.

Item	Description
Domain or Server	Select either Domain or Server to specify the domain to import from. If you select domain, type the name of the domain. If you select server, type the name of the domain controller server. The server option is available in case you are not currently logged into the target domain, and your current domain does not have access to the specified target. You must enter domain credentials in order to access the domain. Only one domain can be selected per import task. If you want to import users from multiple domains into an Axiom Software system, then you must create multiple import tasks.
Credentials	Specifies the credentials to use when accessing Active Directory for the import. Select one of the following: Use process credentials: (Default) Use the credentials of the network service account of the Scheduler server. Specify domain credentials: Use the credentials of a specified domain User and Password.
Never Enable Users	Specifies whether the import enables imported users as part of the process: If unchecked (default), then newly imported users are enabled as part of the import. Additionally, any existing imported users who have been changed to disabled are re-enabled. If checked, then newly imported users are not enabled as part of the import. An administrator must modify the security settings after the import is complete to enable the new users. Existing imported users retain their current enabled status.
Groups to import	The Active Directory groups for which members will be imported into Axiom Software Security. Click Add to select from a list of groups for the specified domain. If the specified domain name is not valid or if Axiom Software cannot connect to it, then an error will result when attempting to add groups. If you need to remove a group, select the group and click Remove.
Role Mapping	Click this button to map Active Directory groups to Axiom Software security roles and to user types. If a mapping exists for a group, then when users are imported for that group they are automatically assigned to the mapped role. You can map each group to multiple roles. In the Role Mapping dialog, click Add mapping (the plus icon) to add a role mapping. Then complete the following: In the Directory Group column, select the Active Directory group to be mapped. In the Axiom Role column, select the role to be assigned to users in that group. If you want to map the group to more than one role, add another mapping row. You can select None if the users should not be assigned to any role. In the User Type column, select the license type for the imported users. The default license type is Standard. If no mappings are defined for a group, then users in that group are not assigned to any roles when they are imported, and the user type is set to Standard. To remove a role mapping, select the mapping in the grid and then click Remove mapping (the X icon). If users have already been imported using this role mapping, removing the mapping will not remove the users from the role in subsequent imports. NOTE: If a user belongs to multiple imported Active Directory groups, and the groups do not have the same assigned user type, then the user will be assigned one of the user types.

Notification tab

On this tab, you specify users to be notified when changes are made in Axiom Software Security due to the import.

Type in one or more email addresses to be notified. Separate multiple addresses with a semi-colon. For example:

jdoe@axiomepm.com;jsmith@axiomepm.com

When the import task is run, if any users are created or modified in the Axiom Software system, an email notification will be sent to the addresses specified here. The email summarizes the changes made. This email notification is independent of any job notification settings (which notify based on overall job completion or failure).

We recommend setting up notification to send emails to the administrator(s) responsible for maintaining the security settings in Axiom Software, so that he or she can define security settings for newly added users, validate changes made to existing users, and perform any other follow-up tasks.

Job variables can be used in this setting.

Preview Import tab

On this tab, you can preview the import results to test that the import is set up as desired.

To preview the results, click Preview. Axiom Software processes the import task but does not actually make the changes to the system. Instead, the tab displays a summary of the changes that would result.

The preview shows a list of users that would be added, changed, or disabled.

NOTE: The preview is always executed locally, even for Cloud Service systems. The remote data connection to the Cloud Integration Service is only used when the task is executed by Scheduler.

Get more information and training resources: www.kaufmanhall.com

Was this topic helpful?

active_directory_task.htm