AuthMan, Sync Groups to Active Directory
How to mark AuthMan groups for syncing to Active Directory
As a groups registry, AuthMan's powerful Grouper software can provision groups externally, but it does not sync any groups by default.
AuthMan provides a basic provisioning mechanism to push your AuthMan access policy groups to the UOFI Active Directory as regular LDAP groups. This is the preferred method for group authorization enforcement, particularly for services that are configured to use Shibboleth authentication or direct LDAP authentication.
Configure Groups to Sync
- Navigate to the folder that you want to mark for syncing.
- Click on the Functions button in the upper right to expand the menu.
- Select Attribute Assignments.
- Click the orange +Assign Attribute button.
- In the attribute name box, type etc:pspng:provision_to (it should auto-complete as you begin to type).
- Click the Save button to assign the attribute to the folder.
- In the list of assigned attributes, click the Actions button to the right of the "provision_to" attribute.
- Select Add Value.
- Enter the string uofi_urbana exactly as shown; it corresponds to the provisioner for the AuthMan OU.
Group Syncing Considerations
Important Note About Privacy!