Mapping of groups and roles (for versions before 5.1.0)
You can set up a link between LDAP groups and roles in Passwork and assign one or more roles to each group. When you add a user to such a group, Passwork will automatically assign the selected roles to the user.
To set up mapping, go to the "LDAP settings" page, and set up integration with your LDAP or AD server. Then in the tab "Group and role mapping" you will see the list of your groups, and you can associate them with roles.
Algorithm for synchronizing groups and roles:
- Load a list of users from LDAP and process them one by one
- If the user is not in Passwork, skip it from processing
- If the user is found in Passwork, we obtain the list of his groups from the LDAP
- Find all the roles associated with the groups
- Clear the list of the current roles of the user and apply the found list
💡 Passwork skips roles that were manually assigned to the user.
Synchronization can be done manually from the "Group and role mapping" page, or you can set up automatic mapping.
Automatic mapping works with the task scheduler of your operating system, which calls a special Passwork script.