Mapping Roles to AD Groups

From DreamFactory
Jump to: navigation, search
DreamFactoryTutorialsMapping Roles to AD Groups

Tutorial

DreamFactory allows you to map your Roles imported from your Active Directory server (Importing Groups as Roles) to your users (per-application) authenticating via DreamFactory's Active Directory service.

To enable mapping DreamFactory Roles to Active Directory groups, check the 'Map Group to Role' checkbox on your Active Directory service config tab.

Ad-group-role-map-heirarchy.png

When this checkbox is checked, DreamFactory will try to match an existing role (imported from Active Directory) with your AD user's primary group. If no match is found using the primary group, then it will try to match with any other group in Active Directory. If still no match is found, then it will use the default role specified on your Active Directory service configuration.

Role to Group mapping also supports Active Directory Group hierarchy when the 'Allow Group Hierarchy When Mapping' checkbox is checked. This will try to match an existing role (imported from Active Directory) with your AD user's primary group or its parent group hierarchically. If no match is found using the primary group and its hierarchy, then it will try to match with any other group and its hierarchy in Active Directory. If still no match is found, then it will use the default role specified on your Active Directory service configuration.