Creatio administration
This documentation is valid for Creatio version 7.12.0. We recommend using the newest version of Creatio documentation.

LDAP synchronization

During the synchronization session, all changes made to users and groups in the LDAP directory are applied to the corresponding connected bpm’online organizational structure elements.

Automatic synchronization

To set up automatic synchronization:

1.Open the system designer by clicking the system_designer.png button in the top right corner of the application window.

2.Click the [LDAP integration setup] link in the [Import and integration] block.

3.Populate the [Synchronization interval (hours)] field. Automatic synchronization of users with LDAP will be performed with the indicated interval.

Note

Population of other fields of the [LDAP integration setup] page is described in a separate article. Read more >>> 

4.Click the [Save] button to save the new folder (Fig. 1).

Fig. 1 Saving of the populated LDAP integration setup page

scr_chapter_ldap_synchronization_save_ldap_integr_setup.png 

After you save the LDAP integration setup page, the synchronization will be run automatically. The “Run LDAP import” process will be run (Fig. 2).

Fig. 2 – The “Run LDAP import” process

scr_chapter_ldap_synchronization_process_log_launch_import.png 

Manual synchronization

To run the manual synchronization:

1.Open the system designer by clicking the system_designer00001.png button in the top right corner of the application window.

2.Click the [Organizational roles] link in the [Users and administration] block.

3.Select the [Synchronize with LDAP] option in the section menu (Fig. 3). The “Run LDAP synchronization” process will be run, which in its turn calls the “Synchronize user data with LDAP” process (Fig. 4).

Fig. 3 – the [Synchronize with LDAP] action

scr_chapter_ldap_synchronization_process_org_roles_ldap_sync.png 

Fig. 4 – The “ Synchronize user data with LDAP” and “Run LDAP synchronization” processes

scr_chapter_ldap_synchronization_process_process_log_sync_users_data.png 

After the synchronization is complete, a confirmation message will be displayed.

Synchronization results

If an LDAP user is no longer among the active users, the [Active] checkbox will be cleared on the page of the corresponding bpm’online user and such user will not be able to log in.

If a previously inactive LDAP user has been activated, then the [Active] checkbox will be selected on the page of the synchronized bpm’online user.

If an LDAP user or group of users has been renamed, then the synchronized bpm’online users and roles will be renamed as well.

If an LDAP user has been excluded from an LDAP group that was synchronized with a bpm’online organizational structure element, then the corresponding bpm’online user will be excluded from the corresponding bpm’online organizational structure element.

If a synchronized LDAP user has been added to a synchronized LDAP group, then the corresponding bpm’online user will be added to the corresponding bpm’online organizational structure element.

If new unsynchronized LDAP users have been added to a synchronized LDAP element, the users will be imported to bpm’online.

If there are bpm’online users (not imported from LDAP) whose names match LDAP user names, their synchronization will not be performed.

If a synchronized LDAP user was deleted from a group connected with bpm’online organizational structure element, such user will remain active in bpm’omline but will not be able to log in.

See also

Users and roles management

Connecting LDAP elements to bpm’online users and roles

LDAP FAQ

Did you find this information useful?

How can we improve it?