Service Creatio, enterprise edition
PDF
This documentation is valid for Creatio version 7.16.0. We recommend using the newest version of Creatio documentation.

Running LDAP synchronization

During the synchronization session, all changes made to users and groups in the LDAP directory are applied to the corresponding connected Creatio organizational structure elements.

Attention

LDAP synchronization can only be run for Creatio applications deployed on Windows.

Contents

Set up automatic synchronization

Run synchronization manually

Synchronization results

Set up automatic synchronization

To set up automatic synchronization:

1.Open the System Designer by clicking system_designer.png in the top right corner of the application window.

2.Click the [LDAP integration setup] link in the [Import and integration] block.

3.Populate the [Synchronization interval (hours)] field. Automatic synchronization of users with LDAP will run with the specified intervals.

4.Select the [Synchronize only groups] checkbox to automatically deactivate Creatio users excluded from synchronized groups in the LDAP catalog and activate users included in the synchronized groups.

5.Clear the [Grant licenses] checkbox to disable automatic licensing of users when synchronizing with LDAP.

Note

Populating other fields of the [LDAP integration setup] page is described in the “Setting up LDAP integration” article.

6.Click the [Save] button to save the new folder (Fig. 1).

Fig. 1 Saving of the populated LDAP integration setup page

scr_chapter_ldap_synchronization_save_ldap_integr_setup.png 

After you save the LDAP integration setup page, the synchronization will run automatically. The “Run LDAP import” process (Fig. 2) manages the synchronization actions.

Fig. 2 – The “Run LDAP import” process

scr_chapter_ldap_synchronization_process_log_launch_import.png 

Run synchronization manually

To run the manual synchronization:

1.Open the System Designer by clicking system_designer00004.png in the top right corner of the application window.

2.Click the [Organizational roles] link in the [Users and administration] block.

3.Select the [Synchronize with LDAP] option in the section menu (Fig. 3). The “Run LDAP synchronization” process will be run, which in turn calls the “Synchronize user data with LDAP” process (Fig. 4).

Fig. 3 – the [Synchronize with LDAP] action

scr_chapter_ldap_synchronization_process_org_roles_ldap_sync.png 

Fig. 4 – The “ Synchronize user data with LDAP” and “Run LDAP synchronization” processes

scr_chapter_ldap_synchronization_process_process_log_sync_users_data.png 

Creatio will notify you when the synchronization is complete.

Note

If the number of synchronized users exceeds the number of active licenses, system administrators will be notified via the communication panel and email.

Synchronization results

  • If an LDAP user is no longer among the active users, the [Active] checkbox will be cleared on the page of the corresponding Creatio user and such user will not be able to log in.

  • If a previously inactive LDAP user has been activated, then the [Active] checkbox will be selected on the page of the synchronized Creatio user.

  • If an LDAP user or group of users has been renamed, then the synchronized Creatio users and roles will be renamed as well.

  • If an LDAP user has been excluded from an LDAP group connected with a Creatio organizational structure element and the [Synchronize only groups] checkbox is selected, then the corresponding Creatio user will be automatically deactivated and excluded from the organizational structure element.

  • If an LDAP user has been included in an LDAP group connected with a Creatio organizational structure element and the [Synchronize only groups] checkbox is selected, then the corresponding Creatio user will be automatically activated and included in the organizational structure element.

  • If new unsynchronized LDAP users have been added to a synchronized LDAP element, the users will be imported to Creatio.

  • If there are Creatio users (not imported from LDAP) whose names match LDAP user names, their synchronization will not be performed.

  • If a synchronized LDAP user was deleted from a group connected with Creatio organizational structure element, such user will remain active in Creatio but will not be able to log in.

  • All synchronized users will be granted licenses.

See also

Managing users

Link LDAP elements to Creatio users and roles

Set up user authentication through LDAP on Windows

LDAP FAQ

Did you find this information useful?

How can we improve it?