
Create user in OnBase with AD Configuration

Ryan_Wakefield
World-Class Innovator

Is there a way to use the Unity API to automatically create a user inside of OnBase that is tied to an AD account to where you can map a SID to that same user to be created? I am hoping I am just missing the details of what I need in order to accomplish this.

Thanks.

1 ACCEPTED ANSWER

AdamShaneHyland
Employee

Hi Ryan.

You can create an OnBase User Account in Config or via the Unity API. In both cases, when you create the user account it will not have a SID mapped to the OnBase User Account. When the user attempts to log in via directory service authentication (i.e. AD - Enhanced), OnBase will attempt to find a user with the same SID. Since this will return no user accounts, it will then look for an OnBase User Account with the same name (i.e. hsi.useraccount.username = AD sAMAccountName attribute). If they match, then OnBase will store the user's AD SID with the OnBase User Account in the database and the SID will be used the next time the user authenticates.

Best wishes.


12 REPLIES

@Roger Linhart, no. This behavior has been around since the implementation of Active Directory - Enhanced (or more specifically when it was named Active Directory) in OnBase 12 to my knowledge.

The dependency on SID existed with the old NT Authentication model, and errors regarding invalid items (due to deletion in AD) would flood the application server.  Roger, perhaps this is what you're thinking of?

From our Support Issue # 00301686

Description
Older OnBase User created with Active Directory is being logged on instead of creating a new user with newer information. Prior to the upgrade the user had a legal name change resulting in their Active Directory account being renamed.

OnBase created a new OnBase User with the new AD user name. From this point forward OnBase used the new user name in document history. Since the upgrade this user reports that OnBase has reverted to using their old user name in Document History.

Resolution
After using a template script to clear the Security ID of the original OnBase user the correct account was used.

This issue occurred because the Security ID is checked first for an OnBase user, and there was already this SID on a previous user.

Hi @Roger Linhart

For example, if I logged into OnBase with JDOE and SID 1234, then the next time I logged in, OnBase would compare the SID 1234 in order to authenticate me into OnBase.

IF my SID changed for any reason (SID 4312), a new user account would be created (JDOE2).

IF my SID didn't change (SID 1234), but my username did (JIMDOE), the username in OnBase will update as long as you have Synchronize User Attributes enabled. This was changed with SCR: #281856 in OnBase 17.

Take care.
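
The lookup order described in the answers above and the stale-SID case from the support issue, as a small Python model (an added example, not Hyland or OnBase code and not written by any poster). `Account`, `resolve_login` and `unbound_accounts` are hypothetical names, the usernames and SIDs are constructed, and the model assumes the username fallback only binds an account that has no SID stored.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass
class Account:
    username: str
    sid: Optional[str] = None  # None: no SID mapped yet (freshly created account)

def resolve_login(accounts: List[Account], sid: str, sam_name: str,
                  sync_attributes: bool = True) -> Tuple[Account, str]:
    """Model of the lookup order described in the thread; returns (account, action)."""
    # Step 1: the SID is checked first.
    for acct in accounts:
        if acct.sid == sid:
            if sync_attributes and acct.username != sam_name:
                acct.username = sam_name  # Synchronize User Attributes enabled
                return acct, "sid-match-renamed"
            return acct, "sid-match"
    # Step 2: fall back to the username and store the SID on the match.
    # Assumption: only an account with no SID stored can be bound this way.
    for acct in accounts:
        if acct.username == sam_name and acct.sid is None:
            acct.sid = sid
            return acct, "name-match-sid-bound"
    # Step 3: no usable match, so a new account is created (JDOE -> JDOE2).
    taken = {a.username for a in accounts}
    name, n = sam_name, 1
    while name in taken:
        n += 1
        name = f"{sam_name}{n}"
    new = Account(name, sid)
    accounts.append(new)
    return new, "created"

def unbound_accounts(accounts: List[Account]) -> List[str]:
    """Accounts that will take the SID of the first login under that name."""
    return sorted(a.username for a in accounts if a.sid is None)

def demo():
    # Constructed data; SIDs are shortened as in the thread's own example.
    accounts = [Account("JDOE"), Account("OLDNAME", "9999"), Account("NEWNAME")]
    out = [resolve_login(accounts, "1234", "JDOE")[1]]        # first login binds the SID
    out.append(resolve_login(accounts, "4312", "JDOE")[1])    # SID changed -> JDOE2
    out.append(resolve_login(accounts, "1234", "JIMDOE")[1])  # renamed, same SID
    # Support-issue case: the stale SID on the old account wins over the new name.
    out.append(resolve_login(accounts, "9999", "NEWNAME", sync_attributes=False)[0].username)
    accounts[1].sid = None                                    # the fix: clear the stale SID
    out.append(resolve_login(accounts, "9999", "NEWNAME")[0].username)
    return out, unbound_accounts(accounts)
```

`unbound_accounts` is the review list: every account it returns has no SID yet and will be tied to whichever directory identity first authenticates under that username.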

Hey @Adam Shane, I do have one very specific question for you regarding this. While I completely understand the logic above, there are still some really REALLY large gaps to it. So I was wondering, do you know what else (aside from the securityid column) would be required to tie the user account to an account in AD? I am assuming that this column is it, but figured I would ask.

Thanks.