Difference between revisions of "LDAPS Group Sync Profile"
Jump to navigation
Jump to search
Jrobertson (talk | contribs) (Created page with "Category: Sync Profiles") |
Jrobertson (talk | contribs) |
||
| (8 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
| + | LDAPS Group Sync Profiles are used to process groups from Active Directory (AD) and put them in the dashboard | ||
| + | ==Minimum requirements for a group to be synced from AD to Cloudwork== | ||
| + | Each group that needs to be synced into Cloudwork require the following attributes in AD: | ||
| + | *Friendly Name Field | ||
| + | *Group Email Field | ||
| + | *Mail Field | ||
| + | |||
| + | ==Information and Settings to have ready before creating sync profile== | ||
| + | ===Directory Configuration=== | ||
| + | In your directory: | ||
| + | *Open your firewall and allow IP ranges from [https://wiki.studentnet.net/index.php/IP_Range#Cloudwork_IP_Range here] | ||
| + | *Create a user in your directory which has read permissions and save the following details about newly created user: | ||
| + | **Username: | ||
| + | **Password: | ||
| + | **Directory Location: | ||
| + | *Have the LDAP path for the container you want synced: | ||
| + | *Note down the IP address your directory server is on: | ||
| + | *Note has the mail attribute populated with the user's email address? If not where is this stored? | ||
| + | |||
| + | ==Creating a the LDAP Group Sync Profile== | ||
| + | |||
| + | |||
| + | #In the '''Cloudwork Dashboard'''>'''Sync Profile'''>'''New Sync Profile'''>'''LDAP Group Sync Profile''' | ||
| + | #Fill in the form: | ||
| + | #*'''Description''': Name or Description of Sync profile | ||
| + | #*'''Ldap Server''': IP Address or hostname of the directory server to collect information from | ||
| + | #*'''Ldap User''': Directory and username of newly created user | ||
| + | #*'''Ldap Password''': Password of newly created user | ||
| + | #*'''Search Container''': The LDAP path for the container you want synced | ||
| + | #Click submit | ||
| + | |||
| + | == Base Settings == | ||
| + | |||
| + | {| class="wikitable" | ||
| + | |+ style="caption-side:bottom; color:#000000;"|''Base Settings'' | ||
| + | |- | ||
| + | ! style="color:black" | Field | ||
| + | ! style="color:black" | Description | ||
| + | |- | ||
| + | |[[Image:userdesc.png]] | ||
| + | |A short description to identify the sync profile | ||
| + | |- | ||
| + | |[[Image:userldapserver.png]] | ||
| + | |IP address or host name of the directory server to collect information from. Password reset will only work over LDAPS:// | ||
| + | |- | ||
| + | |[[Image:userldapuser.png]] | ||
| + | |Username to bind to when collecting | ||
| + | |- | ||
| + | |[[Image:userldappassword.png]] | ||
| + | |Password to use when collecting information from the server | ||
| + | |} | ||
| + | |||
| + | == Group Settings == | ||
| + | |||
| + | {| class="wikitable" | ||
| + | |+ style="caption-side:bottom; color:#000000;"|''User Settings'' | ||
| + | |- | ||
| + | ! style="color:black" | Field | ||
| + | ! style="color:black" | Description | ||
| + | ! style="color:black" | Active Directory Example if available | ||
| + | |- | ||
| + | |[[Image: usersearchcontainer2.png]] | ||
| + | |The qualified name for the container to look for users. eg, OU=students, OU=users, DC=yourdomain, DC=com | ||
| + | |[[Image: usersearchcontainer.png]] | ||
| + | |- | ||
| + | |[[Image: Friendname.png]] | ||
| + | |Friendly name for the group | ||
| + | | | ||
| + | |- | ||
| + | |[[Image: Groupemail.png]] | ||
| + | |The email address for the group | ||
| + | | | ||
| + | |- | ||
| + | |[[Image: Defaultgroup.png]] | ||
| + | |Default Group Type - this setting decides which users can send to the group | ||
| + | | | ||
| + | |- | ||
| + | |[[Image: Groupsisid.png]] | ||
| + | |The LDAP attribute that stores the SIS ID for a group. This field is important for Canvas, and other services. | ||
| + | | | ||
| + | |- | ||
| + | |[[Image: Groupfac.png]] | ||
| + | |Group Faculty Attribute* | ||
| + | | | ||
| + | |- | ||
| + | |[[Image: Groupform.png]] | ||
| + | |Group form attribute* | ||
| + | | | ||
| + | |- | ||
| + | |[[Image: Groupemail.png]] | ||
| + | |Email address attribute used to look up group members | ||
| + | | | ||
| + | |- | ||
| + | |[[Image: Groupextrasearch.png]] | ||
| + | |LDAP query paramaters that will be be used to further restrict Cloudwork's default group syncing | ||
| + | | | ||
| + | |- | ||
| + | |[[Image: Grouptypes.png]] | ||
| + | |Group types, used to set the group types and whether or not the group is to be Synced to Google and/or Azure. Multiple options can be chosen | ||
| + | | | ||
| + | |- | ||
| + | |} | ||
| + | |||
| + | ==Advanced Settings== | ||
| + | |||
| + | {| class="wikitable" | ||
| + | |+ style="caption-side:bottom; color:#000000;"|''Advanced Settings'' | ||
| + | |- | ||
| + | ! style="color:black" | Field | ||
| + | ! style="color:black" | Description | ||
| + | |- | ||
| + | |[[Image: advdomain.png]] | ||
| + | |The email domain for groups. If Force Mail Domain is selected, user accounts created or updated by replace the email domain with this domain | ||
| + | |- | ||
| + | |[[Image: advdirectoy.png]] | ||
| + | |The directory type that the users are syncing from | ||
| + | |- | ||
| + | |[[Image: advdeleteaction.png]] | ||
| + | |When a user is deleted or moved to a location that Cloudwork can't see, Cloudwork will perform the chosen action | ||
| + | |- | ||
| + | |} | ||
| + | |||
| + | |||
| + | [[Category: Sync Profiles]] | ||
| + | |||
| + | |||
| + | |||
| + | |||
| + | |||
| + | |||
| + | |||
| + | |||
| + | |||
| + | |||
| + | |||
| + | |||
| + | |||
| + | |||
| + | |||
| + | |||
| + | |||
| + | |||
[[Category: Sync Profiles]] | [[Category: Sync Profiles]] | ||
Latest revision as of 03:54, 13 August 2024
LDAPS Group Sync Profiles are used to process groups from Active Directory (AD) and put them in the dashboard
Contents
Minimum requirements for a group to be synced from AD to Cloudwork
Each group that needs to be synced into Cloudwork require the following attributes in AD:
- Friendly Name Field
- Group Email Field
- Mail Field
Information and Settings to have ready before creating sync profile
Directory Configuration
In your directory:
- Open your firewall and allow IP ranges from here
- Create a user in your directory which has read permissions and save the following details about newly created user:
- Username:
- Password:
- Directory Location:
- Have the LDAP path for the container you want synced:
- Note down the IP address your directory server is on:
- Note has the mail attribute populated with the user's email address? If not where is this stored?
Creating a the LDAP Group Sync Profile
- In the Cloudwork Dashboard>Sync Profile>New Sync Profile>LDAP Group Sync Profile
- Fill in the form:
- Description: Name or Description of Sync profile
- Ldap Server: IP Address or hostname of the directory server to collect information from
- Ldap User: Directory and username of newly created user
- Ldap Password: Password of newly created user
- Search Container: The LDAP path for the container you want synced
- Click submit
Base Settings
| Field | Description |
|---|---|
|
A short description to identify the sync profile |
|
IP address or host name of the directory server to collect information from. Password reset will only work over LDAPS:// |
|
Username to bind to when collecting |
|
Password to use when collecting information from the server |
Group Settings
| Field | Description | Active Directory Example if available |
|---|---|---|
|
The qualified name for the container to look for users. eg, OU=students, OU=users, DC=yourdomain, DC=com | 
|
|
Friendly name for the group | |
|
The email address for the group | |
|
Default Group Type - this setting decides which users can send to the group | |
|
The LDAP attribute that stores the SIS ID for a group. This field is important for Canvas, and other services. | |
|
Group Faculty Attribute* | |
|
Group form attribute* | |
|
|
Email address attribute used to look up group members | |
|
LDAP query paramaters that will be be used to further restrict Cloudwork's default group syncing | |
|
Group types, used to set the group types and whether or not the group is to be Synced to Google and/or Azure. Multiple options can be chosen |
Advanced Settings
| Field | Description |
|---|---|
|
The email domain for groups. If Force Mail Domain is selected, user accounts created or updated by replace the email domain with this domain |
|
The directory type that the users are syncing from |
|
When a user is deleted or moved to a location that Cloudwork can't see, Cloudwork will perform the chosen action |
