During the synchronization session, all changes made to users and groups in the LDAP directory are applied to the corresponding connected Creatio organizational structure elements.
Attention
LDAP synchronization can only be run for Creatio applications deployed on Windows.
Contents
•Set up automatic synchronization
Set up automatic synchronization
To set up automatic synchronization:
1.Open the System Designer by clicking in the top right corner of the application window.
2.Click the [LDAP integration setup] link in the [Import and integration] block.
3.Populate the [Synchronization interval (hours)] field. Automatic synchronization of users with LDAP will run with the specified intervals.
4.Select the [Synchronize only groups] checkbox to automatically deactivate Creatio users excluded from synchronized groups in the LDAP catalog and activate users included in the synchronized groups.
5.Clear the [Grant licenses] checkbox to disable automatic licensing of users when synchronizing with LDAP.
Note
Populating other fields of the [LDAP integration setup] page is described in the “Setting up LDAP integration” article.
6.Click the [Save] button to save the new folder (Fig. 1).
After you save the LDAP integration setup page, the synchronization will run automatically. The “Run LDAP import” process (Fig. 2) manages the synchronization actions.
To run the manual synchronization:
1.Open the System Designer by clicking in the top right corner of the application window.
2.Click the [Organizational roles] link in the [Users and administration] block.
3.Select the [Synchronize with LDAP] option in the section menu (Fig. 3). The “Run LDAP synchronization” process will be run, which in turn calls the “Synchronize user data with LDAP” process (Fig. 4).
Creatio will notify you when the synchronization is complete.
Note
If the number of synchronized users exceeds the number of active licenses, system administrators will be notified via the communication panel and email.
-
If an LDAP user is no longer among the active users, the [Active] checkbox will be cleared on the page of the corresponding Creatio user and such user will not be able to log in.
-
If a previously inactive LDAP user has been activated, then the [Active] checkbox will be selected on the page of the synchronized Creatio user.
-
If an LDAP user or group of users has been renamed, then the synchronized Creatio users and roles will be renamed as well.
-
If an LDAP user has been excluded from an LDAP group connected with a Creatio organizational structure element and the [Synchronize only groups] checkbox is selected, then the corresponding Creatio user will be automatically deactivated and excluded from the organizational structure element.
-
If an LDAP user has been included in an LDAP group connected with a Creatio organizational structure element and the [Synchronize only groups] checkbox is selected, then the corresponding Creatio user will be automatically activated and included in the organizational structure element.
-
If new unsynchronized LDAP users have been added to a synchronized LDAP element, the users will be imported to Creatio.
-
If there are Creatio users (not imported from LDAP) whose names match LDAP user names, their synchronization will not be performed.
-
If a synchronized LDAP user was deleted from a group connected with Creatio organizational structure element, such user will remain active in Creatio but will not be able to log in.
-
All synchronized users will be granted licenses.
See also
•Link LDAP elements to Creatio users and roles