How to Include Active Directory Users into Bizagi with LDAP
From Business Process Management, BPM and Workflow Automation Wiki | BizAgi BPMS
How to import LDAP Users into Bizagi
Overview
Bizagi presents an option to import users of your organization (residing in an LDAP server), as users in Bizagi.
To configure this synchronization against an LDAP server, you should be familiar with the basic concepts of the LDAP standard (so that you can use filters, map LDAP attributes, and understand which information this protocol requires and imports).
Note: Using the LDAP module to import your LDAP users into Bizagi is independent of the authentication options set for your project. This means that after you have imported your LDAP users as users in Bizagi (into the WFUser entity), you may choose any type of authentication (such as Bizagi, Windows, Custom, LDAP, etc.).
The following article describes the configuration required in Bizagi Studio to set LDAP synchronization.
What you need to do in Bizagi
To set and test the LDAP configuration, you need to specify the details of your LDAP server (such as its URL and connection credentials). This is done in 3 tabs in Bizagi's development environment (Bizagi Studio).
Note that the LDAP synchronization for a Bizagi project is configured, and can be tested, in the Security module, but the actual import of the LDAP objects is carried out by the Scheduler service of your project (so that you see them when running your Work Portal).
Example
In the following example, we will illustrate how to configure the LDAP synchronization against a Microsoft Active Directory LDAP server.
To do this, we go to the Modules view in Bizagi Studio, and click on the Security module.
Note: The following example applies to the Bizagi Enterprise .Net and Bizagi Xpress editions.
To review further information about setting up LDAP for Bizagi Enterprise JEE edition, review How to Include Active Directory Users into Bizagi JEE with LDAP.
1. Enable LDAP
Under the security options, locate the LDAP menu item.
To activate the synchronization carried out by the Scheduler, mark the "Enabled" checkbox.
This way, your LDAP users will be imported as Bizagi users (at the hour you define) once you restart the Scheduler.
2. Fill out the basic configuration
In the LDAP options tab, fill out the basic configuration as described in the sections below.
Configure LDAP Path
Specify the URL path to access the LDAP server (LDAP URL format).
Filter
Enter a filter to narrow down the users you want to import according to some LDAP attribute. It is strongly recommended to set a filtering condition in order to import the proper set of users (especially when testing the configuration). For example, a valid filter would be: "(&(objectClass=user))".
Type the domain
Specify the domain name to which the users will belong in Bizagi's user entity (WFUser).
Select the user property
Choose the LDAP attribute that uniquely identifies each user. For example, sAMAccountName is the common LDAP attribute corresponding to a user's account name.
Note: The values of the LDAP attribute that uniquely identifies the users should not contain any special characters, such as blank spaces.
Type the hour when the synchronization will occur
Define an hour of the day in which the Scheduler will perform the LDAP synchronization.
Allowed values for this field are 0 to 23.
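A pre-flight check for the values entered in this tab, added here as an example (it is not Bizagi code). It verifies that the path uses the LDAP URL scheme, that the filter is one balanced parenthesised expression, that the hour is within 0 to 23, and that sample values of the unique user property contain no blank spaces. The function names are hypothetical, and the host, base DN and account names are constructed sample values.

```python
import re

def filter_is_balanced(ldap_filter):
    """True when the whole filter is one parenthesised expression."""
    depth, i, last = 0, 0, len(ldap_filter) - 1
    while i <= last:
        ch = ldap_filter[i]
        if ch == "\\":            # RFC 4515 escape: backslash + two hex digits
            i += 3
            continue
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
        if depth <= 0 and i < last:
            return False          # closed too early, or text outside the outer ( )
        i += 1
    return depth == 0 and last >= 0


def check_ldap_settings(path, ldap_filter, hour, sample_ids):
    """Return a list of problems; an empty list means nothing was flagged."""
    problems = []
    if not re.match(r"(?i)ldaps?://", path):
        problems.append("path: expected an ldap:// or ldaps:// URL")
    if not filter_is_balanced(ldap_filter):
        problems.append("filter: unbalanced or misplaced parentheses")
    if not (isinstance(hour, int) and 0 <= hour <= 23):
        problems.append("hour: must be an integer from 0 to 23")
    # The page names blank spaces as a disallowed character in the unique
    # attribute; only whitespace is checked here.
    for value in sample_ids:
        if not value or re.search(r"\s", value):
            problems.append(f"user property: {value!r} is empty or contains whitespace")
    return problems


if __name__ == "__main__":
    # Constructed sample values, not taken from any real directory.
    for issue in check_ldap_settings(
        "LDAP://dc01.example.test/DC=example,DC=test",
        "(&(objectClass=user)))",          # one closing parenthesis too many
        24,
        ["jsmith", "john smith"],
    ):
        print(issue)
```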
3. Specify the synchronization credentials
In Active Directory Options, configure the Username and Password for the connection to the LDAP server.
Note that the username field should include the domain to which the user belongs.
4. Include LDAP attribute mappings
In the LDAP Mapping tab, you may include mappings between the Bizagi user's attributes and their corresponding source (LDAP attribute).
Click on the Add mapping button to map any user attribute (for example, contactEmail).
Take into account that fullName is a required field.
For further information about LDAP attributes, review this annex.
5. Define default values
In the Default values tab, you may set default values by clicking on the Add default value button.
It is recommended to import your users from the LDAP server as: not enabled, and not enabled for assignation.
Alert: If users have the enabled property set to True, then all imported users will be automatically enabled (Active) for the project. This implies that your server must have a license that supports this number of active users. If the total number of active users is greater than the number of licensed users, then the Work Portal will stop working. If users have the enabled property set to False, users will initially be set as inactive. An administrator user can then manually enable the Active property for each user that will be authorized to access the project. If the enabled property is not explicitly defined, then the number of users marked as Active will be the number of users supported by your license. Users will be marked as active in the same order in which the LDAP imports these users. An administrator should check afterwards whether the Active assignment is as desired.
6. Saving the configuration or changes
Click on Save. Click on OK in the confirmation window.
7. Testing the connection and synchronization
You may test and verify that the LDAP configuration was set properly by clicking the Test button.
The test button will show the users that would be imported with the set configuration in the LDAP Test tab.
These results help you check that the filter and LDAP mappings you set are as desired.
If the test is not successful, an error message appears at the bottom of the tab.
8. Restarting the scheduler service
To start the LDAP objects import in the actual execution of a process, take into account that you need to restart the Scheduler Service with Bizagi Management Console (as shown at stop and start the scheduler).
The synchronization job will execute the synchronization at the defined hour. When this is completed, the LDAP users will be automatically created as Bizagi users.
To view information about the executed synchronization (inserted and updated values), you may check the detail Bizagi saves in the Scheduler's trace.
These entries begin with "INFO_LDAP" in the Scheduler's log file.
View further information about enabling tracing in Bizagi.
Related Articles
- View further information about LDAP attributes.
- How to Include Active Directory Users into Bizagi JEE with LDAP
- Authentication configuration in Bizagi
- Information about LDAP on Wikipedia.