Administrators configure Active Directory (AD) or LDAP integration for automatic user synchronization and group management.
Active Directory Configuration:
Connection Settings:
LDAP URL: [ldaps://ad.company.com:636]
Use SSL/TLS: ☑ Yes (ldaps://)
Port: [636] (default: 389 for ldap, 636 for ldaps)
Base DN: [DC=company,DC=com]
Bind DN: [CN=Service Account,OU=Services,DC=company,DC=com]
Bind Password: [••••••••••]
Connection Timeout: [30] seconds
Read Timeout: [60] seconds
Connection Pool Size: [10]
User Settings:
User DN: [OU=Users,DC=company,DC=com]
User Object Class: [person]
Username Attribute: [sAMAccountName]
Email Attribute: [mail]
First Name Attribute: [givenName]
Last Name Attribute: [sn]
Phone Attribute: [telephoneNumber]
Department Attribute: [department]
Job Title Attribute: [title]
User Search Filter: [(objectClass=person)]
User Search Scope: Subtree
Group Settings:
Group DN: [OU=Groups,DC=company,DC=com]
Group Object Class: [group]
Group Name Attribute: [cn]
Group Membership Attribute: [memberOf]
Member Attribute: [member]
Group Search Filter: [(objectClass=group)]
Group Search Scope: Subtree
Sync Schedule:
Frequency: ☑ Every 6 hours
Sync Time: 00:00, 06:00, 12:00, 18:00 UTC
Last Sync: 2025-01-25 12:00 UTC
Next Sync: 2025-01-25 18:00 UTC
☐ Daily
☐ Every 12 hours
☐ Manual only
[Test Connection] [Sync Now] [View Sync Log] [Save Configuration]
Connection Testing:
Test LDAP Connection:
Step 1: Testing Connection
✓ DNS resolution successful
✓ Port 636 accessible
✓ SSL certificate valid
✓ Connection established
Step 2: Testing Authentication
✓ Bind DN authenticated
✓ Service account has read permissions
Step 3: Testing User Search
✓ User DN accessible
✓ User search filter valid
✓ Found 1,247 user accounts
Sample users:
- john.doe@company.com
- jane.smith@company.com
- bob.johnson@company.com
Step 4: Testing Group Search
✓ Group DN accessible
✓ Group search filter valid
✓ Found 87 groups
Sample groups:
- Data-Governance-Team
- Finance-Data-Owners
- Analytics-Team
Step 5: Testing Attribute Mapping
✓ All required attributes found
✓ Email addresses valid
✓ Names properly formatted
Result: ✓ All Tests Passed
[Save and Enable Sync] [View Details] [Re-test]
Map AD Groups to Elementrix Roles:
Active Directory Group Mapping:
Purpose: Automatically assign Elementrix roles based on AD group membership
Current Mappings:
┌────────────────────────────────────────────────┐
│ AD Group: Data-Governance-Team │
│ → Elementrix Role: DATA_GOVERNANCE │
│ Members: 8 users │
│ Last Synced: 2025-01-25 12:00 UTC │
│ [Edit] [Remove] │
├────────────────────────────────────────────────┤
│ AD Group: Finance-Data-Owners │
│ → Elementrix Role: Finance Data Owner │
│ → Domain: Finance │
│ Members: 15 users │
│ Last Synced: 2025-01-25 12:00 UTC │
│ [Edit] [Remove] │
├────────────────────────────────────────────────┤
│ AD Group: Analytics-Team │
│ → Elementrix Role: REGULAR_DEFAULT_USER │
│ → Domain: Analytics │
│ Members: 42 users │
│ Last Synced: 2025-01-25 12:00 UTC │
│ [Edit] [Remove] │
├────────────────────────────────────────────────┤
│ AD Group: IT-Administrators │
│ → Elementrix Role: SUPER_ADMIN │
│ Members: 12 users │
│ Last Synced: 2025-01-25 12:00 UTC │
│ [Edit] [Remove] │
└────────────────────────────────────────────────┘
[Add Mapping] [Sync Groups] [Remove All Mappings]
Create Group Mapping:
Step 1: Select AD Group
Search AD Groups: [Data]
Found Groups:
☑ Data-Governance-Team (8 members)
☐ Data-Science-Team (23 members)
☐ Data-Engineering-Team (34 members)
Selected: Data-Governance-Team
DN: CN=Data-Governance-Team,OU=Groups,DC=company,DC=com
Step 2: Map to Elementrix Role
Select Role:
☑ DATA_GOVERNANCE
☐ SUPER_ADMIN
☐ REGULAR_DEFAULT_USER
☐ Custom Role: [Select]
Step 3: Domain Assignment (Optional)
Assign users to domains:
☐ Finance
☐ Marketing
☑ All domains (governance has cross-domain access)
Step 4: Additional Settings
☑ Sync on every AD sync
☑ Remove role when user leaves AD group
☑ Notify users when role assigned
☐ Require user to accept terms
Preview:
When users are added to AD group "Data-Governance-Team":
→ They will be assigned "DATA_GOVERNANCE" role in Elementrix
→ They will have access to all domains
→ They will receive email notification
When users are removed from AD group:
→ "DATA_GOVERNANCE" role will be revoked
→ Email notification sent
[Create Mapping] [Cancel]
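The revoke-on-exit behaviour previewed above is only safe if the sync knows which role grants it made itself. The following is an added example, not Elementrix code: the grant-source bookkeeping, the `MANUAL` marker and the rule that an unread group blocks revocation are assumptions, and the sample data is constructed from the group names on this page.

```python
from dataclasses import dataclass

MANUAL = "manual"  # assumed marker for a role an admin assigned by hand

@dataclass(frozen=True)
class Mapping:
    group_dn: str
    role: str
    remove_on_exit: bool = True  # "Remove role when user leaves AD group"

def reconcile_roles(mappings, ad_members, grants):
    """Return (to_grant, to_revoke, unverified), each a set of (user, role).

    ad_members: {group_dn: set(users)}, only groups read successfully this sync
    grants:     {(user, role): set(sources)}; a source is the group DN that
                justified the grant, or MANUAL
    """
    entitled = {(user, m.role)
                for m in mappings for user in ad_members.get(m.group_dn, ())}
    keep_after_exit = {m.group_dn for m in mappings if not m.remove_on_exit}
    to_grant = entitled - set(grants)
    to_revoke, unverified = set(), set()
    for key, sources in grants.items():
        if key in entitled or MANUAL in sources:
            continue  # still justified by a group, or not owned by the sync
        if sources & keep_after_exit:
            continue  # mapping is set to keep the role after group exit
        if any(src not in ad_members for src in sources):
            unverified.add(key)  # source group unread: hold for review
            continue
        to_revoke.add(key)
    return to_grant, to_revoke, unverified

# Constructed sample data using the group names shown on this page.
GOV = "CN=Data-Governance-Team,OU=Groups,DC=company,DC=com"
ADM = "CN=IT-Administrators,OU=Groups,DC=company,DC=com"
MAPPINGS = [Mapping(GOV, "DATA_GOVERNANCE"), Mapping(ADM, "SUPER_ADMIN")]
AD_MEMBERS = {GOV: {"jane.smith", "bob.johnson"}}  # ADM read failed: absent
GRANTS = {
    ("john.doe", "DATA_GOVERNANCE"): {GOV},           # left the group
    ("jane.smith", "DATA_GOVERNANCE"): {GOV},         # still a member
    ("john.doe", "SUPER_ADMIN"): {ADM},               # source group unread
    ("bob.johnson", "Finance Data Owner"): {MANUAL},  # custom, hand-assigned
}

if __name__ == "__main__":
    for label, result in zip(("grant", "revoke", "unverified"),
                             reconcile_roles(MAPPINGS, AD_MEMBERS, GRANTS)):
        print(label, sorted(result))
```

Entries in `unverified` are worth alerting on, since they are privileged roles the sync could neither confirm nor remove.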
Group Mapping Details:
Group Mapping: Finance-Data-Owners → Finance Data Owner
AD Group Information:
Name: Finance-Data-Owners
DN: CN=Finance-Data-Owners,OU=Finance,OU=Groups,DC=company,DC=com
Description: Finance department data owners
Members in AD: 15 users
Elementrix Role:
Role: Finance Data Owner (Custom Role)
Permissions: 23 permissions
Domain: Finance
Sync Settings:
Auto-sync: ☑ Yes
Sync frequency: Every 6 hours
Remove on group exit: ☑ Yes
Notify on assignment: ☑ Yes
Member Synchronization:
Users synced: 15 / 15
✓ john.doe@company.com
✓ jane.smith@company.com
✓ bob.johnson@company.com
... (12 more)
Last sync: 2025-01-25 12:00 UTC
Next sync: 2025-01-25 18:00 UTC
Sync History:
2025-01-25 12:00: 15 users synced, 0 added, 0 removed
2025-01-25 06:00: 15 users synced, 0 added, 1 removed
2025-01-25 00:00: 16 users synced, 2 added, 0 removed
[Edit Mapping] [Force Sync] [View Audit Log] [Remove Mapping]
Sync Configuration:
User Sync Configuration:
Sync Strategy:
☑ Create new users automatically
☑ Update existing users
☑ Disable users removed from AD
☐ Delete users removed from AD (not recommended)
User Creation Settings:
Default Role: [REGULAR_DEFAULT_USER]
Send Welcome Email: ☑ Yes
Require Email Verification: ☐ No (AD email already verified)
Require Password Change: ☐ No (using SSO)
Enable MFA: ☑ Yes (enforce for all users)
User Update Settings:
Update Fields:
☑ First Name
☑ Last Name
☑ Email
☑ Phone
☑ Department
☑ Job Title
Preserve Elementrix-specific data:
☑ Owned data products
☑ Steward assignments
☑ Notification preferences
☑ Custom roles (beyond AD mapping)
User Deactivation:
When user is removed from AD:
☑ Disable Elementrix account
☑ Revoke active sessions
☑ Keep user data (for audit)
☐ Reassign owned products to: [manager]
☑ Remove steward assignments
☑ Notify admins
Conflict Resolution:
Email conflict (duplicate emails):
☑ Keep existing user
☐ Update to new AD user
☑ Notify admin
Username conflict:
☑ Keep existing user
☑ Append number to new username
[Save Configuration] [Test Sync] [Cancel]
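The sync strategy and conflict rules above can be read as a planning step that runs before any account is touched. The following is an added example, not Elementrix code: matching accounts on the AD `objectGUID` rather than on email or username, starting the appended number at 2, and the dictionary layout are assumptions, and the sample users are constructed.

```python
def plan_user_sync(ad_users, local_users):
    """Plan one sync run. Users are dicts with 'guid', 'username', 'email'.

    Accounts are matched on the immutable directory id only, so a new AD
    object that reuses an email never inherits an existing account.
    """
    local_by_guid = {u["guid"]: u for u in local_users}
    emails = {u["email"].lower(): u["guid"] for u in local_users}
    usernames = {u["username"].lower() for u in local_users}
    plan = {"create": [], "update": [], "disable": [], "notify_admin": []}
    seen = set()
    for ad in ad_users:
        seen.add(ad["guid"])
        local = local_by_guid.get(ad["guid"])
        if local is not None:
            changed = {k: ad[k] for k in ("username", "email") if ad[k] != local[k]}
            if changed:
                plan["update"].append((ad["guid"], changed))
            continue
        if ad["email"].lower() in emails:
            # Email conflict: keep the existing user, skip the new one, notify.
            plan["notify_admin"].append(("duplicate email", ad["email"], ad["guid"]))
            continue
        name, n = ad["username"], 1
        while name.lower() in usernames:  # username conflict: append a number
            n += 1
            name = f"{ad['username']}{n}"
        usernames.add(name.lower())
        emails[ad["email"].lower()] = ad["guid"]
        plan["create"].append({**ad, "username": name})
    for guid, local in local_by_guid.items():
        if guid not in seen and local.get("active", True):
            plan["disable"].append(guid)  # disable and keep data, never delete
    return plan

# Constructed sample data; the guid values stand in for objectGUID.
LOCAL_USERS = [
    {"guid": "g1", "username": "john.doe", "email": "john.doe@company.com"},
    {"guid": "g2", "username": "jane.smith", "email": "jane.smith@company.com"},
    {"guid": "g3", "username": "bob.johnson", "email": "bob.johnson@company.com"},
]
AD_USERS = [
    {"guid": "g1", "username": "john.doe", "email": "john.doe@company.com"},
    {"guid": "g2", "username": "jane.smith", "email": "jane.jones@company.com"},
    {"guid": "g4", "username": "john.doe", "email": "john.doe2@company.com"},
    {"guid": "g5", "username": "b.johnson", "email": "bob.johnson@company.com"},
]

if __name__ == "__main__":
    for action, items in plan_user_sync(AD_USERS, LOCAL_USERS).items():
        print(action, items)
```

In the sample, `g3` has left AD and `g5` arrives with the same email: the old account is disabled, the new object is held for an admin, and no roles or owned products transfer automatically.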
Sync Execution:
User Synchronization:
Manual Sync Initiated: 2025-01-25 14:30:00 UTC
Progress:
[▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓░░] 87% (1,089 / 1,247 users)
Current Phase: Updating users
Statistics:
Users in AD: 1,247
Users in Elementrix: 1,189
New users found: 58
✓ Created: 58
Existing users: 1,189
✓ Updated: 845
- No changes: 244
- Skipped: 0
Removed from AD: 0
- Disabled: 0
- Kept active: 0
Errors: 0
Estimated time remaining: 2 minutes
[View Details] [Cancel Sync]
Sync Report:
User Sync Report:
Sync Completed: 2025-01-25 14:32:15 UTC
Duration: 2 minutes 15 seconds
Status: ✓ Success
Summary:
Total AD Users: 1,247
Total Elementrix Users: 1,247
Created: 58 new users
Updated: 845 users
No Changes: 344 users
Disabled: 0 users
Errors: 0
Created Users:
1. michael.brown@company.com (Marketing)
2. sarah.wilson@company.com (Sales)
3. david.jones@company.com (Finance)
... (55 more)
Actions Taken:
- Created Elementrix accounts
- Assigned REGULAR_DEFAULT_USER role
- Sent welcome emails
- Assigned to domains based on department
Updated Users:
1. john.doe@company.com
- Department: Finance → Accounting
- Job Title: Analyst → Senior Analyst
2. jane.smith@company.com
- Phone: Updated
- Department: Updated
... (843 more)
Group Mappings Applied:
- Data-Governance-Team: 8 users assigned DATA_GOVERNANCE role
- Finance-Data-Owners: 15 users assigned Finance Data Owner role
- Analytics-Team: 42 users assigned to Analytics domain
- IT-Administrators: 12 users assigned SUPER_ADMIN role
Warnings: 0
Errors: 0
[Download Full Report] [Email Report] [View Details]
Sync History:
Synchronization History:
Recent Syncs:
┌────────────────────────────────────────────────┐
│ 2025-01-25 14:30 UTC (Manual) │
│ Status: ✓ Success │
│ Duration: 2m 15s │
│ Created: 58, Updated: 845 │
│ [View Report] [Download Logs] │
├────────────────────────────────────────────────┤
│ 2025-01-25 12:00 UTC (Scheduled) │
│ Status: ✓ Success │
│ Duration: 1m 54s │
│ Created: 0, Updated: 234 │
│ [View Report] [Download Logs] │
├────────────────────────────────────────────────┤
│ 2025-01-25 06:00 UTC (Scheduled) │
│ Status: ✓ Success │
│ Duration: 1m 47s │
│ Created: 2, Updated: 156 │
│ [View Report] [Download Logs] │
├────────────────────────────────────────────────┤
│ 2025-01-25 00:00 UTC (Scheduled) │
│ Status: ⚠️ Completed with warnings │
│ Duration: 2m 03s │
│ Created: 1, Updated: 189 │
│ Warnings: 2 (duplicate emails) │
│ [View Report] [Download Logs] │
└────────────────────────────────────────────────┘
[View All History] [Export History] [Schedule Report]
Connection Issues:
Issue: Cannot connect to LDAP server
Possible Causes:
1. Network/Firewall Issues
- Verify port 636 (ldaps) or 389 (ldap) is accessible
- Check firewall rules
- Test with: telnet ad.company.com 636
2. SSL Certificate Issues
- Verify SSL certificate is valid
- Check certificate trust chain
- Import CA certificate if needed
3. DNS Issues
- Verify DNS resolution
- Test with: nslookup ad.company.com
4. Credentials
- Verify bind DN and password
- Check service account permissions
- Ensure account is not locked
Diagnostic Command:
ldapsearch -x -H ldaps://ad.company.com:636 \
-D "CN=Service Account,OU=Services,DC=company,DC=com" \
-W -b "DC=company,DC=com"
[Test Connection] [View Logs] [Contact Support]
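`telnet` only proves that the port answers; it says nothing about the certificate. The following added example (not part of the product) runs the DNS, port and certificate checks in order with Python's standard library and reports which one failed. The function name and the result layout are assumptions.

```python
import socket
import ssl

def check_ldaps(host, port=636, cafile=None, timeout=10.0):
    """Run the DNS, TCP and TLS checks in order; stop at the first failure.

    Each of 'dns', 'tcp', 'tls' is True, False, or None if not reached.
    'detail' carries the error text, or the TLS version and certificate expiry.
    """
    result = {"dns": None, "tcp": None, "tls": None, "detail": ""}
    try:
        socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
        result["dns"] = True
    except socket.gaierror as exc:
        result.update(dns=False, detail=f"DNS: {exc}")
        return result
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
        result["tcp"] = True
    except OSError as exc:
        result.update(tcp=False, detail=f"TCP: {exc}")
        return result
    # The default context verifies the chain and the hostname. Pass cafile
    # for a private AD CA instead of switching verification off.
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            expiry = tls.getpeercert()["notAfter"]
            result.update(tls=True, detail=f"{tls.version()}, expires {expiry}")
    except OSError as exc:  # ssl.SSLError and handshake timeouts are OSErrors
        result.update(tls=False, detail=f"TLS: {exc}")
        sock.close()
    return result

if __name__ == "__main__":
    # Host name taken from the configuration shown on this page.
    print(check_ldaps("ad.company.com", 636))
```

A result of `tcp: True, tls: False` points at the certificate or trust chain rather than the firewall.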
Sync Issues:
Issue: Users not syncing from AD
Possible Causes:
1. Search Filter Issues
- Verify user search filter
- Check user DN path
- Test filter in AD
2. Attribute Mapping Issues
- Verify all required attributes exist
- Check attribute names (case-sensitive)
- Ensure email attribute populated
3. Permissions Issues
- Verify service account has read permissions
- Check OU access rights
4. Schedule Issues
- Verify sync is enabled
- Check sync schedule
- Review sync history
Diagnostics:
Last Sync: 2025-01-25 12:00 UTC
Status: Success
Users Synced: 1,247
[Force Sync] [View Sync Logs] [Test User Search]
Service Account:
Connection Security:
Optimization:
Large Directories:
Regular Tasks:
Monitoring: