AX2574

Create a scheduler job

To create a Scheduler job, you must be an admin or have the Scheduled Jobs User security permission. Non-admin users must also have read/write access to at least one folder in the Scheduler Jobs Library.

You can only create Scheduler jobs in the Desktop Client General term for using either the Excel Client or the Windows Client, both of which are installed to the user's desktop.. Although you can view the status of existing jobs in the Web client, you cannot create new jobs in that environment.

IMPORTANT: The Active Directory Import task can only be run by a user with permission to create users in security, such as an administrator, a subsystem administrator, or a user with the Administer Security permission. If you plan to schedule the job to run automatically, the job owner must have the required permissions to run the task. The job owner is the user who last saved the job, and the job must be created by a user with the required permissions.

If the job is created by a user without the required permissions, the job must be saved by a user with the required permissions to resett the job owner. You can view the current job owner for the job in the Job Variables section of the job properties.

1. On the Axiom tab, click Manage > Scheduler in the Administration group.

   

   Scheduler on default Axiom ribbon tab

   In systems with installed products, this feature may be located on the Admin tab.

   On the System Management group, click Scheduler.

   

   Scheduler on Admin tab (example product ribbon)

2. In the Scheduler dialog, click New.

   

3. Click Add > Active Directory Import to add the task to the new job.

   The task is added to the job, and you can now configure the task properties. In the Task Details section, the task has three tabs: Source Directory, Notification, and Preview Import.

4. On the Source Directory tab of the Task Details, select either Domain or Server to specify the source domain for the import.

   • If you select Domain, enter the name of the domain.
   • If you select Server, enter the name of the domain controller server.

   The server option is available in case you are not currently logged into the source domain and your current domain does not have access to the source domain. In this case, you must use domain credentialsto access the source domain.

   You can select only one domainper import task. To import users from multiple domains into an Axiom Platform system, you must create multiple import tasks.

5. For Credentials, specify the user credentials when accessing Active Directory for the import. Select one of the following:

   • Use process credentials: (Default) Use the credentials of the network service account for Axiom Scheduler Server (on-premise installations) or Axiom Cloud Integration Service (Axiom Cloud systems).

   • Specify domain credentials: Enter the credentials of a specified domain User and Password. This option is required if you identified the source domain using the server name instead of the domain name.

   

6. If you do not want new and synchronized users to be automatically enabled by the import, select Never Enable Users:

   • If not selected (default), the newly imported users are enabled as part of the import. Additionally, any existing imported users who were changed to disabled are re-enabled.

   • If selected, the newly imported users are not enabled as part of the import. A security administrator must modify the security settings after the import is complete to enable the new users. Existing imported users retain their current enabled status.

   Syntellis recommends enabling this option because in most cases, it is necessary for a security administrator to make further changes to security settings before the user account is fully ready for use. Additionally, if your system uses subsystems, any newly imported users will not be able to log in because the import does not assign users to a subsystem.

   

7. In the Groups to import section, click Add to select one or more groups to import. The Select Groups dialog opens and displays a list of groups from the source domain.

8. Select the groups to add, and then click OK. You can use the search box at the top of the dialog to find a group by name. You can use the SHIFT or CTRL keys to select multiple groups in the list.

   

   NOTE: The Groups to import box displays the groups you selected. If you added a group by mistake, you can select it and click Remove.

9. In the Groups to import section, click Role Mapping to define the role mappings for each selected group:

   

   The defined role mappings do not display in the Groups to import box. If you want to review or edit the role mappings, click Role Mapping.

   NOTES:  

   • If a group has multiple mapping rows to assign the users to multiple roles and/or subsystems, the user type and authentication type should be the same on each row. If the user type or authentication type is different,the entry on the last processed mapping is used.

   • If a group has no defined role mappings, users are not be assigned to any roles or subsystems. If the import creates new users without role mappings, the assigned user type is Standard and the assigned authentication type is Windows User.

10. In the Role Mapping dialog, click the Add mapping icon to add a mapping row to the dialog.

    • In the mapping row, select a Directory Group to map, and then assign the following to users:

      • Axiom Role: You can select None if you do not want to assign users to a role.
      • Subsystem: This option is only present if subsystems are enabled for your system.
      • User Type: Includes the license type, such as a Standard license or a Viewer license.

      • Authentication Type:Windows User or SAML. To use a different authentication type, you must update the users after importing to assign them to the applicable authentication type. You may be able to create a Save Type 4 report to Axiom. Principals to update the users, and process that report within the same Scheduler job after the Active Directory import task is performed.

      

    • Repeat these steps for each group to be imported. To assign users in a group to more than one role or subsystem, you can create multiple mapping rows for that group.

    • To remove a mapping row, select it, and then click the Remove mapping icon.

11. When you are finished defining mappings, click OK to return to the Scheduler task properties.

12. On the Notification tab of the Task Details, enter one or more email addresses to send a notification when users are added or synchronized after running the Active Directory Import task. Separate multiple addresses with a semi-colon.

    

    When the import task is run, if any users are created or modified in the Axiom Platform system, an email notification is sent to the addresses specified here. The email summarizes the changes made. This email notification is independent of any job-level notification settings that provide notifications based on overall job completion or failure.

    Syntellis recommends setting up this task-level notification to send emails to the security administrators responsible for maintaining the security settings in Axiom Platform, so that they can define security settings for newly added users, validate changes made to existing users, and perform any other follow-up tasks.

13. On the Preview Import tab of the Task Details, click Preview to view the changes to be made to Axiom Platform Security when the Active Directory Import task is run.

    The preview feature helps you verify that you have set up the task correctly. If the reported changes are not as you expect, you can review and adjust the task settings. No changes are made to security when you run the preview.

    

    Review and complete the following general job properties as required.

14. In the left-hand pane, click Scheduling Rules. In this section, you can define a scheduling rule so that the job runs automatically. Typically, organizations want the Active Directory Import task to run regularly to keep user in sync.

    Click Add to add a scheduling rule to the job, and then complete the rule as based on your required schedule. For more information, see Defining scheduling rules for a job. In the following example, this job runs Monday through Friday at 11:00PM.

    

15. In the left-hand pane, click Notification. In this section, you can configure notification settings for the overall Scheduler job. The job-level notifications inform interested parties whether the job is completed successfully or contains errors. These notifications do not contain information about user changes to Axiom Platform Security. To inform others about specific user changes, you must use the task-level notification settings as described in step 9.

    By default, jobs are configured to send a notification whenever the job is run (Send all email notifications). You can change the Job Notification Level and modify the recipients, subject, and message. For more information, see Setting up notifications for jobs. In the following example, a notification is only sent when the job contains errors.

    

16. Complete any other job or task properties as needed. In most cases, the default settings are sufficient. To learn more about these settings, see Job properties and Task Control properties.

17. Click Save. You can define a name for the job and save it to the applicable location in the Scheduler Jobs Library.

    

After you save the job with an active scheduling rule, the job is immediately added to the schedule to await the first scheduled execution time. You can view this scheduled instance on the Scheduled Jobs tab.

You can also run the job manually by opening the job and clicking Run Once. Note that when using Run Once, the job runs as the current user instead of the job owner, so you must have the required permissions to perform the import.

For more information on the Active Directory Import task, see How Active Directory user synchronization works.