Mapping Roles to AD Groups

From DreamFactory
Jump to: navigation, search
DreamFactoryTutorialsMapping Roles to AD Groups
(Tutorial)
Line 1: Line 1:
 
=== Tutorial ===
 
=== Tutorial ===
  
DreamFactory 2.0 allows mapping your Roles imported from your Active Directory server ([[DreamFactory/Tutorials/Importing_Groups_as_Roles|Importing Groups as Roles]])  
+
DreamFactory allows you to map your Roles imported from your Active Directory server ([[DreamFactory/Tutorials/Importing_Groups_as_Roles|Importing Groups as Roles]])  
to your users (per-application) authenticating using DreamFactory Active Directory service.
+
to your users (per-application) authenticating via DreamFactory's Active Directory service.
  
To enable mapping DreamFactory Roles to Active Directory groups check off 'Map Group to Role' checkbox on your Active Directory  
+
To enable mapping DreamFactory Roles to Active Directory groups, check the 'Map Group to Role' checkbox on your Active Directory  
 
service config tab.
 
service config tab.
  
Line 11: Line 11:
 
When this checkbox is checked, DreamFactory will try to match an existing role (imported from Active Directory) with your AD  
 
When this checkbox is checked, DreamFactory will try to match an existing role (imported from Active Directory) with your AD  
 
user's primary group. If no match is found using primary group, then it will try to match with any other group in Active Directory.  
 
user's primary group. If no match is found using primary group, then it will try to match with any other group in Active Directory.  
If still not match is found then it will use the default role specified on your Active Directory service configuration.
+
If still no match is found, then it will use the default role specified on your Active Directory service configuration.
  
Role to Group mapping also supports Active Directory Group hierarchy when 'Allow Group Hierarchy When Mapping' checkbox is checked.  
+
Role to Group mapping also supports Active Directory Group hierarchy when the 'Allow Group Hierarchy When Mapping' checkbox is checked.  
 
This will try to match an existing role (imported from Active Directory) with your AD user's primary group or its parent group hierarchically.  
 
This will try to match an existing role (imported from Active Directory) with your AD user's primary group or its parent group hierarchically.  
If no match is found using primary group and its hierarchy, then it will try to match with any other group and its hierarchy in Active Directory.  
+
If no match is found using the primary group and its hierarchy, then it will try to match with any other group and its hierarchy in Active Directory.  
If still not match is found then it will use the default role specified on your Active Directory service configuration.
+
If still no match is found, then it will use the default role specified on your Active Directory service configuration.

Revision as of 16:22, 15 July 2016

Tutorial

DreamFactory allows you to map your Roles imported from your Active Directory server (Importing Groups as Roles) to your users (per-application) authenticating via DreamFactory's Active Directory service.

To enable mapping DreamFactory Roles to Active Directory groups, check the 'Map Group to Role' checkbox on your Active Directory service config tab.

Ad-group-role-map-heirarchy.png

When this checkbox is checked, DreamFactory will try to match an existing role (imported from Active Directory) with your AD user's primary group. If no match is found using primary group, then it will try to match with any other group in Active Directory. If still no match is found, then it will use the default role specified on your Active Directory service configuration.

Role to Group mapping also supports Active Directory Group hierarchy when the 'Allow Group Hierarchy When Mapping' checkbox is checked. This will try to match an existing role (imported from Active Directory) with your AD user's primary group or its parent group hierarchically. If no match is found using the primary group and its hierarchy, then it will try to match with any other group and its hierarchy in Active Directory. If still no match is found, then it will use the default role specified on your Active Directory service configuration.