Mapping of LDAP group to a role

Granular Access Control (GAC) in Adeptia Connect provides role-based access control for LDAP Groups. You can map an LDAP Group to a role so that the group can perform the specific actions of that role.

You can assign multiple roles to an LDAP Group.

This section contains the following information:

Prerequisites for mapping

You must meet the following requirements before you map an LDAP Group to a role:

  • Only a System Admin can map an LDAP Group to a role. Therefore, ensure that you log in with System Admin rights.

  • Ensure that LDAP and GAC features are enabled.

Steps for mapping

To map an LDAP Group to a Role, follow the steps given below.

  1. Go to Account > My Company.
  2. Click LDAP Group-Role Mappings.
  3. On the mapping screen, do the following:

    You can search for the LDAP Group in the 'Select LDAP Group' field. If you enter the first letter of your LDAP group name, the field displays the list of group names starting with that letter.
  4. From the Select LDAP Group drop-down list, select the LDAP Group that you want to map to a role.
  5. Select the Company/Partner from the Company/Partner drop-down list. You can select multiple companies or partners from the drop-down list and map them to a role.

    You can search for the Company/Partner in the 'Company/Partner' field. If you enter the first letter of your Company/Partner name, the field displays the list of names starting with that letter.

    You cannot select a Company and a Partner together in the 'Company/Partner' field because the roles for the two are different. If you select a company along with a partner, or vice versa, the application shows an alert message.
  6. Select the role from the Role drop-down list. You can select multiple roles for a company or partner to map to one LDAP Group.
  7. Select the Default Role from the Default Role drop-down list.
  8. Click the Add More icon if you want to map the role in the same LDAP group.
  9. If you want to map the role to a different LDAP group, click the Add More icon.
  10. Click Save.
    A message is displayed confirming that the Role has been mapped to the LDAP Group successfully.

Restricting login of an LDAP user not mapped to a Role

You can prevent users from logging in to Adeptia Connect if their LDAP group is not mapped to a Role. To do this, configure the property abpm.ldap.restrictUser.ifNoGroupRoleMappingExist by following the steps given below.

  1. Go to Account > Settings.
  2. Expand Server Nodes Settings, and select a node.
  3. Click Edit, and then expand the category Systems > LDAP Authentication.
  4. Set the value for the property abpm.ldap.restrictUser.ifNoGroupRoleMappingExist to true.
    The default value for this property is false.

    When the property is set to true, a user whose LDAP group is not mapped to a Role sees the following error message when logging in to Adeptia Connect.
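
Before changing abpm.ldap.restrictUser.ifNoGroupRoleMappingExist from false to true, it is useful to know which accounts the change will lock out and which LDAP groups to map first. The Python script below is an added example, not Adeptia code: it compares directory group membership with the group names entered on the LDAP Group-Role Mappings screen. The sample users, group names and the function name are constructed, and it assumes a user is let in when at least one of their LDAP groups is mapped to a Role.

```python
from collections import defaultdict

PROPERTY = "abpm.ldap.restrictUser.ifNoGroupRoleMappingExist"

# Constructed sample data. In practice, export user -> group membership from
# the directory and copy the mapped group names from the
# LDAP Group-Role Mappings screen.
LDAP_MEMBERSHIP = {
    "asmith": ["edi-admins", "all-staff"],
    "bjones": ["all-staff"],
    "cnguyen": ["partner-acme"],
    "dlee": [],
    "efox": ["all-staff", "contractors"],
}
MAPPED_GROUPS = {"edi-admins", "partner-acme"}


def lockout_report(membership, mapped_groups, restrict=True):
    """Return (blocked_users, unmapped_groups_ranked).

    blocked_users: users refused at login when the property equals `restrict`.
    unmapped_groups_ranked: (group, users) pairs for users with no mapped
    group, largest group first, so the admin can see what to map.
    Assumption: one mapped group is enough; names are compared exactly.
    """
    blocked, by_group = [], defaultdict(list)
    for user, groups in sorted(membership.items()):
        if any(g in mapped_groups for g in groups):
            continue  # at least one mapped group: login is unaffected
        if restrict:
            blocked.append(user)
        # Users with no group at all are reported under a placeholder key.
        for g in groups or ["<no LDAP group>"]:
            by_group[g].append(user)
    ranked = sorted(by_group.items(), key=lambda kv: (-len(kv[1]), kv[0]))
    return blocked, ranked


if __name__ == "__main__":
    blocked, ranked = lockout_report(LDAP_MEMBERSHIP, MAPPED_GROUPS)
    print(f"With {PROPERTY}=true, blocked users: {blocked}")
    for group, users in ranked:
        print(f"  unmapped group {group!r} affects {users}")
```

Running it with restrict=False returns an empty blocked list but the same group ranking, which shows who currently logs in without any mapped Role.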