Active Directory (AD), a service provided by Microsoft, can seamlessly integrate with EPC if your organization utilizes this software. This integration allows System Admins to automatically synchronize the company’s AD with the EPC user directory, resulting in considerable time savings and ensuring that all of the organization’s employees are readily available in the EPC Directory.
In this topic, we’ll explore how to manually synchronize EPC users with AD and how to set up the automatic AD sync.
How to Manually Synchronize with AD
- Navigate to the System Admin section.
- Select the ‘Users’ tab.
- Click on (This button will only be visible if your organization requested the AD license)
How to Set Up the Automatic Sync of User Attributes, Groups and Roles (IdP)
Organizations have the option to enable automatic synchronization of user attributes, groups, and roles via their Identity Provider (IdP). Whenever a user logs into EPC using Single Sign-On (SSO), EPC will automatically create or update the user’s attributes based on the SAML response. Simultaneously, it will create or update the user’s groups and roles, ensuring a seamless association between the user and these specific groups and roles.
Steps to Enable Automatic Sync:
- Navigate to the System Admin section.
- Select the ‘Advanced’ tab.
- Locate the ENABLE_SAML_SYNC_GROUPS and ENABLE_SAML_SYNC_TITLE settings and change them from ‘false’ to ‘true’.
Additional Rules of the Automatic Sync
- Automatic Group Creation: If a user is associated with a group within the IdP that does not already exist in EPC, EPC will automatically create the group and add the user to it.
- Removal from Invalid Groups: If a user is a member of a group that is no longer valid in the IdP, and the group assignment was made via the IdP (and not within EPC), the user will be removed from that group.
- Retention of Non-IdP Groups: If a user is associated with a group in EPC that was not originally created by the IdP, the user will remain a member of that group.
- Automatic Role Assignment: When a user logs into EPC, the system will create the user’s resource and associated role(s) if they do not already exist. Then, the system will assign the resource to the role(s).
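The three group rules above (creation, removal, retention), modeled as an added example that is not EPC's own code. `Directory`, `sync_groups_on_login`, the `idp`/`local` source tags and the sample data are assumptions constructed for illustration; a membership that was assigned locally and is also asserted by the IdP is assumed to keep its local tag.

```python
from dataclasses import dataclass, field

IDP = "idp"      # membership assigned through a SAML login
LOCAL = "local"  # membership assigned by an admin inside the application


@dataclass
class Directory:
    """Constructed stand-in for the application's group store."""
    groups: set = field(default_factory=set)
    # user -> {group name: source of the assignment}
    memberships: dict = field(default_factory=dict)


def sync_groups_on_login(directory, user, asserted_groups):
    """Apply the three group rules for one SSO login; return an audit trail."""
    audit = []
    current = directory.memberships.setdefault(user, {})
    asserted = set(asserted_groups)

    for group in sorted(asserted):
        # Rule 1: a group named by the IdP but unknown locally is created.
        if group not in directory.groups:
            directory.groups.add(group)
            audit.append(("create_group", group))
        if group not in current:
            current[group] = IDP
            audit.append(("add_member", group))

    for group, source in sorted(current.items()):
        if group in asserted:
            continue
        if source == IDP:
            # Rule 2: IdP-assigned membership no longer asserted is removed.
            del current[group]
            audit.append(("remove_member", group))
        else:
            # Rule 3: membership assigned locally is retained.
            audit.append(("retain_local", group))
    return audit


if __name__ == "__main__":
    # Constructed sample: one IdP-assigned and one locally assigned membership.
    d = Directory(groups={"Finance", "Auditors"},
                  memberships={"alice": {"Finance": IDP, "Auditors": LOCAL}})
    for event in sync_groups_on_login(d, "alice", ["Quality"]):
        print(event)
```

The returned audit list is the record an administrator would review, since the first rule lets a group claim from the IdP create a group that did not exist before.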