10.3.9 Synchronize with Active Directory

Active Directory (AD), a service provided by Microsoft, can seamlessly integrate with EPC if your organization utilizes this software. This integration allows System Admins to automatically synchronize the company’s AD with the EPC user directory, resulting in considerable time savings and ensuring that all of the organization’s employees are readily available in the EPC Directory.

In this topic, we’ll explore how to manually synchronize EPC users with AD and how to set up the automatic AD sync.

!This feature is exclusively available to organizations using Microsoft’s Active Directory and possessing the necessary license for integration with EPC.

How to Manually Synchronize with AD

*To perform this action, the user must have System Admin permission.

1. Navigate to the System Admin section.
2. Select the ‘Users’ tab.
3. Click on (This button will only be visible if you organization requested the AD license)

How to Set Up the Automatic Sync of User Attributes, Groups and Roles

Organizations have the option to enable automatic synchronization of user attributes, groups, and roles. Here’s the process: whenever a user logs into EPC using Single Sign-On (SSO), EPC will automatically create or update the user’s attributes based on the SAML response. Simultaneously, it will create or update the user’s groups and roles, ensuring a seamless association between the user and these specific groups and roles.

*To perform this action, the user must have System Admin permission.

1. To enable this feature, navigate to the System Admin section.
2. Select the ‘Advanced’ tab
3. Locate and modify the ENABLE_SAML_SYNC_GROUPS and ENABLE_SAML_SYNC_TITLE settings from ‘false’ to ‘true’.

Additional Rules of the Automatic Sync

• If a user is associated with a group within AD that is not already in EPC, EPC will automatically create the group and add the user to it.
• If a user is already a member of a group that is not valid in AD, and the group assignment was made via AD (and not within EPC), the user will be removed from the group.
• If a user is associated with a group in EPC that was not originally created by AD, the user will remain a member of that group.
• When a user logs in EPC, the system creates the user’s resource and associated role(s) if they do not already exist. Then, the system assigns the resource to the role(s).