Legacy
Passwork 5
Mapping LDAP security groups with roles in Passwork
4 min
you can configure synchronization between ldap security groups and roles in passwork you can associate one or more roles to each group when you add a user to such a group, passwork will automatically assign the selected roles to the user to set up synchronization, go to the ldap settings and set up integration with your ldap or ad server then in the tab group and role mapping you will see the list of your groups and you can link them to the roles algorithm for synchronizing groups and roles take the selected ldap groups and form a dn request to download users from them load users from ldap and process them one by one if you do not have the user in passwork, then skip him from processing or create a new one (depending on the settings) if the user is found in passwork, obtain the list of user groups from the ldap find all the roles associated with the groups clean the list of the user's current roles and apply the list 💡 passwork skips roles that were manually assigned to the user synchronization can be done manually from the group and role mapping tab, or set to run automatically on a schedule for passwork 5 1 0 and newer no additional settings are required synchronization works with passwork background tasks learn more about how background tasks work for versions below passwork 5 1 0 you need to set up php scripts to run on a schedule (cron or windows scheduler) learn more about how to do this configuring cron for linux docid\ gycbea5zmzdc1smx2lyol configuring cron for linux + docker docid\ ea1jf93udslugkuc0xszg configuring windows server scheduler docid\ qeonaj5ji3wamgjms7m35 💡 update your passwork to use the built in background task engine