Administration ▶ Active Directory Questions : add message

::
(ctrl+enter)    


Previous messages in the topic:
james.hartzell@decisions.com
6/30/2020
1 - is it possible to disable logging in without Active Directory sync?
  • Can you confirm the use case for this? The default admin account would still have to be enabled, but all other user accounts can have an authentication type other than 'Password' (excluding SYSTEM, GUEST, & EXTERNAL SYSTEM).
2 - related, If a user is manually created, put in groups, will the AD sync remove them from the groups when the job next runs?
  • No, AD sync doesn't alter local accounts in this case, it looks for AD account type (authentication_type = 'ActiveDirectory') - non-AD accounts should remain untouched.



Manually created accounts can be forcefully disabled by creating a Scheduled Job which fetches all Accounts with 'Password' as the value for their authentication_type property (excluding the local admin account, SYSTEM, GUEST, & EXTERNAL SYSTEM), setting their is_active and can_use_portal properties as 0/False, and saving them. Groups can be synced from Active Directory, but their permissions will have to be configured for the Decisions side.
Curious Betsy
6/30/2020
We will be implementing Active Directory sync within a client project. The end client is asking a couple of specific questions that I did not see in the documentation.


1 - is it possible to disable logging in without Active Directory sync?


2 - related, If a user is manually created, put in groups, will the AD sync remove them from the groups when the job next runs?




Powered by Jitbit Forum 8.3.8.0 © 2006-2013 Jitbit Software