Mapping Roles to AD Groups

From DreamFactory
Jump to: navigation, search
DreamFactoryTutorialsMapping Roles to AD Groups

Tutorial

DreamFactory 2.0 allows mapping your Roles imported from your Active Directory server (Importing Groups as Roles) to your users (per-application) authenticating using DreamFactory Active Directory service.

To enable mapping DreamFactory Roles to Active Directory groups check off 'Map Group to Role' checkbox on your Active Directory service config tab.

Ad-group-role-map-heirarchy.png

When this checkbox is checked, DreamFactory will try to match an existing role (imported from Active Directory) with your AD user's primary group. If no match is found using primary group, then it will try to match with any other group in Active Directory. If still not match is found then it will use the default role specified on your Active Directory service configuration.

Role to Group mapping also supports Active Directory Group hierarchy when 'Allow Group Hierarchy When Mapping' checkbox is checked. Checking this checkbox will try to match an existing role (imported from Active Directory) with your AD user's primary group or its parent groups hierarchically. If no match is found using primary group and its hierarchy, then it will try to match with any other group and its hierarchy in Active Directory. If still not match is found then it will use the default role specified on your Active Directory service configuration.

Retrieved from "https://wiki.dreamfactory.com/index.php?title=DreamFactory/Tutorials/Mapping_Roles_to_AD_Groups&oldid=32450"