Administrators configure Active Directory (AD) or LDAP integration for automatic user synchronization and group management.
Active Directory Configuration:
Active Directory Configuration:

Connection Settings:
LDAP URL: [ldaps://ad.company.com:636]
Use SSL/TLS: ☑ Yes (ldaps://)
Port: [636] (default: 389 for ldap, 636 for ldaps)
Base DN: [DC=company,DC=com]
Bind DN: [CN=Service Account,OU=Services,DC=company,DC=com]
Bind Password: [••••••••••]
Connection Timeout: [30] seconds
Read Timeout: [60] seconds
Connection Pool Size: [10]

User Settings:
User DN: [OU=Users,DC=company,DC=com]
User Object Class: [person]
Username Attribute: [sAMAccountName]
Email Attribute: [mail]
First Name Attribute: [givenName]
Last Name Attribute: [sn]
Phone Attribute: [telephoneNumber]
Department Attribute: [department]
Job Title Attribute: [title]
User Search Filter: [(objectClass=person)]
User Search Scope: Subtree

Group Settings:
Group DN: [OU=Groups,DC=company,DC=com]
Group Object Class: [group]
Group Name Attribute: [cn]
Group Membership Attribute: [memberOf]
Member Attribute: [member]
Group Search Filter: [(objectClass=group)]
Group Search Scope: Subtree

Sync Schedule:
Frequency:
☑ Every 6 hours
Sync Time: 00:00, 06:00, 12:00, 18:00 UTC
Last Sync: 2025-01-25 12:00 UTC
Next Sync: 2025-01-25 18:00 UTC
☐ Daily
☐ Every 12 hours
☐ Manual only

[Test Connection] [Sync Now] [View Sync Log] [Save Configuration]
Connection Testing:
Test LDAP Connection:
Step 1: Testing Connection
✓ DNS resolution successful
✓ Port 636 accessible
✓ SSL certificate valid
✓ Connection established
Step 2: Testing Authentication
✓ Bind DN authenticated
✓ Service account has read permissions
Step 3: Testing User Search
✓ User DN accessible
✓ User search filter valid
✓ Found 1,247 user accounts
Sample users:
- john.doe@company.com
- jane.smith@company.com
- bob.johnson@company.com
Step 4: Testing Group Search
✓ Group DN accessible
✓ Group search filter valid
✓ Found 87 groups
Sample groups:
- Data-Governance-Team
- Finance-Data-Owners
- Analytics-Team
Step 5: Testing Attribute Mapping
✓ All required attributes found
✓ Email addresses valid
✓ Names properly formatted
Result: ✓ All Tests Passed
[Save and Enable Sync] [View Details] [Re-test]
Map AD Groups to Elementrix Roles:
Active Directory Group Mapping:
Purpose: Automatically assign Elementrix roles based on AD group membership
Current Mappings:

AD Group: Data-Governance-Team
→ Elementrix Role: DATA_GOVERNANCE
Members: 8 users
Last Synced: 2025-01-25 12:00 UTC
[Edit] [Remove]

AD Group: Finance-Data-Owners
→ Elementrix Role: Finance Data Owner
→ Domain: Finance
Members: 15 users
Last Synced: 2025-01-25 12:00 UTC
[Edit] [Remove]

AD Group: Analytics-Team
→ Elementrix Role: REGULAR_DEFAULT_USER
→ Domain: Analytics
Members: 42 users
Last Synced: 2025-01-25 12:00 UTC
[Edit] [Remove]

AD Group: IT-Administrators
→ Elementrix Role: SUPER_ADMIN
Members: 12 users
Last Synced: 2025-01-25 12:00 UTC
[Edit] [Remove]

[Add Mapping] [Sync Groups] [Remove All Mappings]
Create Group Mapping:
Create Group Mapping:

Step 1: Select AD Group
Search AD Groups: [Data]
Found Groups:
☑ Data-Governance-Team (8 members)
☐ Data-Science-Team (23 members)
☐ Data-Engineering-Team (34 members)
Selected: Data-Governance-Team
DN: CN=Data-Governance-Team,OU=Groups,DC=company,DC=com

Step 2: Map to Elementrix Role
Select Role:
☑ DATA_GOVERNANCE
☐ SUPER_ADMIN
☐ REGULAR_DEFAULT_USER
☐ Custom Role: [Select]

Step 3: Domain Assignment (Optional)
Assign users to domains:
☐ Finance
☐ Marketing
☑ All domains (governance has cross-domain access)

Step 4: Additional Settings
☑ Sync on every AD sync
☑ Remove role when user leaves AD group
☑ Notify users when role assigned
☐ Require user to accept terms

Preview:
When users are added to AD group "Data-Governance-Team":
→ They will be assigned "DATA_GOVERNANCE" role in Elementrix
→ They will have access to all domains
→ They will receive email notification
When users are removed from AD group:
→ "DATA_GOVERNANCE" role will be revoked
→ Email notification sent

[Create Mapping] [Cancel]
Group Mapping Details:
Group Mapping: Finance-Data-Owners → Finance Data Owner

AD Group Information:
Name: Finance-Data-Owners
DN: CN=Finance-Data-Owners,OU=Finance,OU=Groups,DC=company,DC=com
Description: Finance department data owners
Members in AD: 15 users

Elementrix Role:
Role: Finance Data Owner (Custom Role)
Permissions: 23 permissions
Domain: Finance

Sync Settings:
Auto-sync: ☑ Yes
Sync frequency: Every 6 hours
Remove on group exit: ☑ Yes
Notify on assignment: ☑ Yes

Member Synchronization:
Users synced: 15 / 15
✓ john.doe@company.com
✓ jane.smith@company.com
✓ bob.johnson@company.com
... (12 more)
Last sync: 2025-01-25 12:00 UTC
Next sync: 2025-01-25 18:00 UTC

Sync History:
2025-01-25 12:00: 15 users synced, 0 added, 0 removed
2025-01-25 06:00: 15 users synced, 0 added, 1 removed
2025-01-25 00:00: 16 users synced, 2 added, 0 removed

[Edit Mapping] [Force Sync] [View Audit Log] [Remove Mapping]
Sync Configuration:
User Sync Configuration:
Sync Strategy:
☑ Create new users automatically
☑ Update existing users
☑ Disable users removed from AD
☐ Delete users removed from AD (not recommended)
User Creation Settings:
Default Role: [REGULAR_DEFAULT_USER]
Send Welcome Email: ☑ Yes
Require Email Verification: ☐ No (AD email already verified)
Require Password Change: ☐ No (using SSO)
Enable MFA: ☑ Yes (enforce for all users)
User Update Settings:
Update Fields:
☑ First Name
☑ Last Name
☑ Email
☑ Phone
☑ Department
☑ Job Title
Preserve Elementrix-specific data:
☑ Owned data products
☑ Steward assignments
☑ Notification preferences
☑ Custom roles (beyond AD mapping)
User Deactivation:
When user is removed from AD:
☑ Disable Elementrix account
☑ Revoke active sessions
☑ Keep user data (for audit)
☐ Reassign owned products to: [manager]
☑ Remove steward assignments
☑ Notify admins
Conflict Resolution:
Email conflict (duplicate emails):
☑ Keep existing user
☐ Update to new AD user
☑ Notify admin
Username conflict:
☑ Keep existing user
☑ Append number to new username
[Save Configuration] [Test Sync] [Cancel]
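How the group mappings and the sync strategy settings above combine into grant, revoke and disable decisions, as an added example that is not Elementrix code. The `LocalUser` record, `plan_sync`, the flagging of `SUPER_ADMIN` grants, the `max_disable_fraction` guard and the rule that every synced user holds the default role are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# AD group -> role pairs as listed under "Current Mappings" on this page.
GROUP_ROLE_MAP = {
    "Data-Governance-Team": "DATA_GOVERNANCE",
    "Finance-Data-Owners": "Finance Data Owner",
    "Analytics-Team": "REGULAR_DEFAULT_USER",
    "IT-Administrators": "SUPER_ADMIN",
}
DEFAULT_ROLE = "REGULAR_DEFAULT_USER"
PRIVILEGED = {"SUPER_ADMIN"}  # assumption: grants of these roles are flagged for review

@dataclass
class LocalUser:  # hypothetical application-side account record
    mapped_roles: set = field(default_factory=set)  # roles that came from AD mappings
    custom_roles: set = field(default_factory=set)  # "beyond AD mapping": never touched
    enabled: bool = True

def plan_sync(ad_groups, local_users, remove_on_exit=True, max_disable_fraction=0.5):
    """Return a sorted list of (action, email, detail); nothing is mutated."""
    missing = [e for e, u in local_users.items() if u.enabled and e not in ad_groups]
    # Guard (assumption): an empty or truncated AD result must not disable everyone.
    if local_users and len(missing) / len(local_users) > max_disable_fraction:
        raise RuntimeError(f"refusing to disable {len(missing)} of {len(local_users)} users")
    plan = [("disable", e, "revoke sessions, keep data") for e in missing]
    for email, groups in ad_groups.items():
        wanted = {DEFAULT_ROLE} | {GROUP_ROLE_MAP[g] for g in groups if g in GROUP_ROLE_MAP}
        user = local_users.get(email)
        if user is None:
            plan.append(("create", email, DEFAULT_ROLE))
        current = user.mapped_roles if user else {DEFAULT_ROLE}
        for role in wanted - current:
            plan.append(("grant-privileged" if role in PRIVILEGED else "grant", email, role))
        if remove_on_exit:  # "Remove role when user leaves AD group"
            plan.extend(("revoke", email, role) for role in current - wanted)
    return sorted(plan)

# Constructed sample data (addresses reuse the page's sample users).
AD = {
    "john.doe@company.com": {"Finance-Data-Owners"},
    "jane.smith@company.com": {"IT-Administrators", "Domain Users"},
    "michael.brown@company.com": set(),
}
LOCAL = {
    "john.doe@company.com": LocalUser({DEFAULT_ROLE, "Finance Data Owner", "DATA_GOVERNANCE"}, {"Steward"}),
    "jane.smith@company.com": LocalUser({DEFAULT_ROLE}),
    "bob.johnson@company.com": LocalUser({DEFAULT_ROLE}),
}
if __name__ == "__main__": print(*plan_sync(AD, LOCAL), sep="\n")
```

Only roles recorded as AD-mapped are ever revoked, so a custom role survives a group exit, and the plan can be reviewed before anything is applied.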
Sync Execution:
User Synchronization:
Manual Sync Initiated: 2025-01-25 14:30:00 UTC
Progress: [▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓░░] 87% (1,089 / 1,247 users)
Current Phase: Updating users

Statistics:
Users in AD: 1,247
Users in Elementrix: 1,189
New users found: 58
✓ Created: 58
Existing users: 1,189
✓ Updated: 845
- No changes: 244
- Skipped: 0
Removed from AD: 0
- Disabled: 0
- Kept active: 0
Errors: 0

Estimated time remaining: 2 minutes
[View Details] [Cancel Sync]
Sync Report:
User Sync Report:
Sync Completed: 2025-01-25 14:32:15 UTC
Duration: 2 minutes 15 seconds
Status: ✓ Success
Summary:
Total AD Users: 1,247
Total Elementrix Users: 1,247
Created: 58 new users
Updated: 845 users
No Changes: 344 users
Disabled: 0 users
Errors: 0
Created Users:
1. michael.brown@company.com (Marketing)
2. sarah.wilson@company.com (Sales)
3. david.jones@company.com (Finance)
... (55 more)
Actions Taken:
- Created Elementrix accounts
- Assigned REGULAR_DEFAULT_USER role
- Sent welcome emails
- Assigned to domains based on department
Updated Users:
1. john.doe@company.com
- Department: Finance → Accounting
- Job Title: Analyst → Senior Analyst
2. jane.smith@company.com
- Phone: Updated
- Department: Updated
... (843 more)
Group Mappings Applied:
- Data-Governance-Team: 8 users assigned DATA_GOVERNANCE role
- Finance-Data-Owners: 15 users assigned Finance Data Owner role
- Analytics-Team: 42 users assigned to Analytics domain
- IT-Administrators: 12 users assigned SUPER_ADMIN role
Warnings: 0
Errors: 0
[Download Full Report] [Email Report] [View Details]
Sync History:
Synchronization History:
Recent Syncs:

2025-01-25 14:30 UTC (Manual)
Status: ✓ Success
Duration: 2m 15s
Created: 58, Updated: 845
[View Report] [Download Logs]

2025-01-25 12:00 UTC (Scheduled)
Status: ✓ Success
Duration: 1m 54s
Created: 0, Updated: 234
[View Report] [Download Logs]

2025-01-25 06:00 UTC (Scheduled)
Status: ✓ Success
Duration: 1m 47s
Created: 2, Updated: 156
[View Report] [Download Logs]

2025-01-25 00:00 UTC (Scheduled)
Status: ⚠️ Completed with warnings
Duration: 2m 03s
Created: 1, Updated: 189
Warnings: 2 (duplicate emails)
[View Report] [Download Logs]

[View All History] [Export History] [Schedule Report]
Connection Issues:
Issue: Cannot connect to LDAP server
Possible Causes:
1. Network/Firewall Issues
- Verify port 636 (ldaps) or 389 (ldap) is accessible
- Check firewall rules
- Test with: telnet ad.company.com 636
2. SSL Certificate Issues
- Verify SSL certificate is valid
- Check certificate trust chain
- Import CA certificate if needed
3. DNS Issues
- Verify DNS resolution
- Test with: nslookup ad.company.com
4. Credentials
- Verify bind DN and password
- Check service account permissions
- Ensure account is not locked
Diagnostic Command:
ldapsearch -x -H ldaps://ad.company.com:636 \
-D "CN=Service Account,OU=Services,DC=company,DC=com" \
-W -b "DC=company,DC=com"
[Test Connection] [View Logs] [Contact Support]
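The DNS, port and certificate checks from the list above as one staged probe, added here as an example and not part of the product. `check_ldaps` and `first_failure` are hypothetical names; certificate validation stays enabled, so an untrusted chain is reported as its own cause, and `cafile` is where an internal CA bundle would be supplied.

```python
import socket
import ssl


def check_ldaps(host, port=636, timeout=5.0, cafile=None):
    """Run the DNS, port and certificate checks in order; stop at the first failure.

    Returns a list of (stage, ok, detail) tuples. `cafile` is an optional PEM
    bundle holding the CA that issued the directory server's certificate.
    """
    results = []
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
        results.append(("dns", True, infos[0][4][0]))
    except socket.gaierror as exc:
        return results + [("dns", False, str(exc))]
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return results + [("tcp", False, str(exc))]
    results.append(("tcp", True, f"port {port} reachable"))
    # Default context: chain validation and hostname matching stay enabled.
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            cert = tls.getpeercert()
            results.append(("tls", True, f"{tls.version()}, expires {cert['notAfter']}"))
    except ssl.SSLCertVerificationError as exc:
        results.append(("tls", False, f"certificate rejected: {exc.verify_message}"))
    except (ssl.SSLError, OSError) as exc:
        results.append(("tls", False, f"handshake failed: {exc}"))
    finally:
        sock.close()
    return results


def first_failure(results):
    """Name of the first failed stage, or None when every stage passed."""
    return next((stage for stage, ok, _ in results if not ok), None)


if __name__ == "__main__":
    for stage in check_ldaps("ad.company.com"):  # host name from this page
        print(stage)
```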
Sync Issues:
Issue: Users not syncing from AD
Possible Causes:
1. Search Filter Issues
- Verify user search filter
- Check user DN path
- Test filter in AD
2. Attribute Mapping Issues
- Verify all required attributes exist
- Check attribute names (case-sensitive)
- Ensure email attribute populated
3. Permissions Issues
- Verify service account has read permissions
- Check OU access rights
4. Schedule Issues
- Verify sync is enabled
- Check sync schedule
- Review sync history
Diagnostics:
Last Sync: 2025-01-25 12:00 UTC
Status: Success
Users Synced: 1,247
[Force Sync] [View Sync Logs] [Test User Search]
Service Account:
Connection Security:
Optimization:
Large Directories:
Regular Tasks:
Monitoring: