Related Topics:

Managing Security Groups

Associating Security Groups with Active Directory

If your organization uses Microsoft Active Directory (AD), you can give an AD group a specific set of permissions in the Synthesis repository. The members of the AD group can then access the database based on the set of permissions associated with the group.

In addition, the software offers the option to automatically update the permissions of a user whenever that user is added or removed from an AD group. For example, if a user is moved from AD group A to AD group B, his/her Synthesis user account can be automatically updated with the permissions associated with AD group B. The changes will take effect the next time the user connects to the database via any of the Synthesis desktop applications. (Note that for users who will connect only via the Synthesis Enterprise Portal (SEP) website, you’ll need to update their permissions manually either via a desktop application or the Synthesis Admin tool on the web server.)

Tip: Multiple security groups can be assigned to the same user account, if appropriate. For example, a user can be assigned to the "ABC Team" group (which is associated with Active Directory) and the "Read-Only" group (which is not). (See Planning Your Security Approach.)

Assigning Permissions to an Active Directory Group

To associate a Synthesis security group with an Active Directory group, choose File > Manage Repository > Authorized Users and click the Security tab. Then double-click the security group you want to edit.

In the Edit Security Group window, select the Associate this security group with Active Directory check box, and then specify the domain name and Active Directory group to use. There are two additional options, which apply only when  users log in from a Synthesis desktop application:

Creating/Updating Accounts Now

If you don’t want to wait for all users to log in before creating/updating their Synthesis user accounts, click Assign.

 

© 1992-2016. ReliaSoft Corporation. ALL RIGHTS RESERVED.

E-mail Link