AuthMan, Sync Groups to Active Directory

How to mark AuthMan groups for syncing to Active Directory

As a groups registry, AuthMan's powerful Grouper software can provision groups externally, but it does not sync any groups by default.

AuthMan provides a basic provisioning mechanism that pushes your AuthMan access policy groups to the UOFI Active Directory as regular LDAP groups. This is the preferred method for group authorization enforcement, particularly for services that are configured to use Shibboleth authentication or direct LDAP authentication.

Configure Groups to Sync

  • Anyone who is a delegated "org" or "app" folder admin can mark groups for sync.
  • It is recommended to set the sync attributes on the folder once, so that any groups created within that folder are automatically synced.
  • Steps to configure:
    1. Navigate to the folder that you want to mark for sync.
    2. Click on the Functions button in the upper right to expand the menu.
    3. Select Attribute Assignments.
    4. Click the orange +Assign Attribute button.
    5. In the attribute name box, type etc:pspng:provision_to (it should auto-complete as you begin to type).
    6. Click the Save button to assign the attribute to the folder.
    7. In the list of assigned attributes, click the Actions button to the right of the "provision_to" attribute.
    8. Select Add Value.
    9. Enter the string exactly as shown: uofi_urbana. This value corresponds to the provisioner to the AuthMan OU.

Group Syncing Considerations

Important Note About Privacy!