Hyland Connect

Dennis_Riley · ‎08-16-2018

Hello,

We would like to move to Active Directory group mapping with Onbase User Groups. We have many Onbase User Groups, and want to maintain a 1-to1 mapping of the Onbase User Groups to AD groups. Does anyone have a script or method to copy the Onbase User Groups to Active Directory groups? Or will we have to manually build them?

Dennis

AdamShaneHyland · ‎08-22-2018

Hi Dennis,

You will want to implement that Active Directory - Enhanced authentication method to integrate OnBase with Active Directory. This setting is available within Configuration under Utils | Directory Service Authentication.

Once you have opened the Settings of the Active Directory - Enhanced feature, you can add your domain which you wish to map. From there, you will have a right-click option labeled Auto-Configure using matching Group Names which allows you to map OnBase User Groups to Active Directory User Groups provided they have matching names. This feature will capture the Active Directory User Groups SID and store it within OnBase.

From there, all user group assignment will be done within the Active Directory - Enhanced Settings window. If a user is not mapped either be being a member of the Active Directory user group which is mapped to the OnBase user group OR manually mapped by dragging the user from the Active Directory side to the OnBase user group side, then they will be removed from the OnBase user group upon login. This means, if you were to add a user to a user group within the Users | User Groups OR Users | User name and Passwords | User Group the user will be removed from the OnBase user group upon login. The only way around this is to make the OnBase user group manually managed. The Manage Manually option is available via right-click on the OnBase user group. When a user group in OnBase is manually managed, it is not mapped to Active Directory and therefore user who were manually put within this group will not be removed upon login.

Hope this helps.

View answer in original post

AdamShaneHyland · ‎08-22-2018

Hi Dennis,

You will want to implement that Active Directory - Enhanced authentication method to integrate OnBase with Active Directory. This setting is available within Configuration under Utils | Directory Service Authentication.

Once you have opened the Settings of the Active Directory - Enhanced feature, you can add your domain which you wish to map. From there, you will have a right-click option labeled Auto-Configure using matching Group Names which allows you to map OnBase User Groups to Active Directory User Groups provided they have matching names. This feature will capture the Active Directory User Groups SID and store it within OnBase.

From there, all user group assignment will be done within the Active Directory - Enhanced Settings window. If a user is not mapped either be being a member of the Active Directory user group which is mapped to the OnBase user group OR manually mapped by dragging the user from the Active Directory side to the OnBase user group side, then they will be removed from the OnBase user group upon login. This means, if you were to add a user to a user group within the Users | User Groups OR Users | User name and Passwords | User Group the user will be removed from the OnBase user group upon login. The only way around this is to make the OnBase user group manually managed. The Manage Manually option is available via right-click on the OnBase user group. When a user group in OnBase is manually managed, it is not mapped to Active Directory and therefore user who were manually put within this group will not be removed upon login.

Hope this helps.

Dennis_Riley · ‎08-22-2018

Adam,

Thanks for the detailed explanation!

Dennis

AdamShaneHyland · ‎08-23-2018

My pleasure!

Hyland Connect

Building AD groups from Onbase User Groups?