
When using multiple domains, how do we get users into the necessary groups?

Chris_Bennett
Confirmed Champ

We are adding a domain to our Perceptive Content environment as we are adding documents from a different campus that has its own Active Directory. After much trial and error, I have finally gotten users from both domains to be able to authenticate and have a second replication agent set up that will work for the second domain.

Apparently, the only way multiple domains will work is if you have a group designated for users from each domain (we are going to call these groups our global groups). This makes more sense than listing out in the inow.ini all of the groups from each domain. The problem we have now is how to get all of the existing users into the global group we have created for the current domain, and how to add new users to the correct group as they are added to the system.

My thoughts are to:

1. Do a one-time query to the database to add all existing users to the first global group.

2. Have an iScript that runs on a schedule that will add new users to one of the global groups based upon their other group memberships as they are added by the two replication agents.

My questions for the hive mind are:

1. Does this sound reasonable?

2. Are either or both of these steps possible?

3. Are there existing queries or iScripts that do what we want to do?

4. Is anyone already doing this, either this way or a different way, that could share how they are accomplishing this?

5. If not, does this seem like something that can be done by someone with very basic iScript understanding, or would it definitely need paid services from either Hyland or a third party?

Thanks!  I hope I explained things in a way that is understandable.  I look forward to seeing what others have or can come up with.

8 REPLIES

BrandonCrespino
Employee

@Chris Bennett - It sounds like you are merely trying to create users and be able to authenticate them. From what I am reading, the User Rep portion is managing the organizing of users into the correct groups. Why not create a group for each LDAP directory to do nothing more than create user accounts and sync new user accounts or remove old accounts? If the other part of User Rep is adding users to groups for actual authorization, you could use the initial group syncs for nothing more than creating or adding users to the system. Unless I am oversimplifying this.

Chris_Bennett
Confirmed Champ

If you are saying we can leverage replication agent to do more than just copy group membership from Active Directory to Perceptive Content, that would be something to look into. I assumed that is all it was capable of. I will have to dig into the documentation. We do have a separate replication agent for each domain. If we could have each replication agent add all users it replicates into one specific group as well as the ones it is grabbing from Active Directory, that would be amazing. I would just have to figure out the initial step of getting existing users into the groups, since we are trying to avoid managing these in Active Directory.

Chris_Bennett
Confirmed Champ

I am not finding any documentation other than the installation guide, which seems to say that Replication agent can only copy users from groups that are in Active Directory. Is there other documentation available? We are trying to avoid having to find the thousands of users we have in AD to put them in an AD group. It would be nice if Perceptive would handle nested groups, because we could just put all of our Perceptive AD groups in the global groups, but that isn't an option.

It seems you are saying our only option would be to handle this group membership on the Active Directory level, because there isn't a way to script adding users to groups within Perceptive Content. Is that the case?

BrandonCrespino
Employee

Hi @Chris Bennett - It sounds like your setup is certainly more complex than I am comprehending. We do have iScript methods and Integration Server operations available to create, update, and delete users and to add users to and remove them from groups within Content. That might be your best route to accomplish what is needed.