Hi Ryan.
If that is what you are experiencing where users are not updated in OnBase after changes are made to Active Directory, then please reach out to support as there appears to be an issue. With both of the Active Directory authentication methods (Basic and Enhanced), the authentication process is the trigger to perform an updates to group assignments within OnBase. Changes are "synced" outside of this process by a background service. This means, if a user is a member of the Human Resources group and then moves to Accounts Receivable, once the user's user groups are updated within Active Directory, the next time they login to OnBase you will see the new groups having been assign (both adding to new user groups and removing from old user groups).
There are some caveats, but they are mostly based on configuration. For instance, if you are using Basic, then all of the user group names in Active Directory must match the group names in OnBase. The comparison is performed based on the name. If the two don't match, then the user group comparison between OnBase and Active Directory will not be synced as OnBase will not be able to find the user group which further means the users assignment will not be updated.
With the Enhanced method, the user groups between Active Directory and OnBase have to be mapped to one another and further the OnBase user group can't be configured as "Manually Managed".
A couple other items, the "Synchronize User Attributes on Auto-Logon" is only used to capture the users Display Name and E-mail Address from Active Directory when the user authenticates. This applies for both methods. The "Group Discovery Strategy" is only used with the Basic authentication method. This setting is recommended to be set to Nested when using this method. Further, the Enhanced authentication method is recommended over the Basic authentication method.
Take care.
