Under Consideration

Improving LDAP Integration

Hello,

our company is using the

active directory for user management. Using synchronisation features is

highly recommended.

1. Testing Attribute Mapping
The test is not working the

same way as the real sync does. The test does not take the database

constraints into account. -> This bug should be fixed.

2. LDAP-Sync on demand

At this moment,

bizagi supports sync at full hour. In test scenarios this is big handicap

(especially keeping point 1. in mind). In production environment it is

unnecessary to wait for the next cycle to sync attributes.

-> This Feature is highly recommended.

3. Attribute Mapping

Mapping simple attributes like name, fullname, mail, mobile and so on works as

expected.

Mapping "idUser = employeeID" is ignored by bizagi, because idUser

seems to be generated by a sequence.

Mapping the idBossuser does not match with ist employeeID consequently.

Assigning one person as a default value seems to work (the dropdown box

offers the names) but does not make sense in a company with a hierarchical

structure.

-> It is highly recommended to improve the mapping, e.g. adding the

employeeID as attribute and use this column to map boss and delegate. The same

way should be used to arrange users to areas, locations ...

I'm looking forward to get

your feedback.

Best regards, Oliver

Comments (4)

photo
2

Will the integration be improved in version11? Any feedback is welcome.

photo
3

The topic's status has been "Under Consideration" for more than 12 months.

@R&D-Team: Can you provide an insight into the consideration?

Thanks.

photo
2

I'm curious on this too. I've created a REST API for Active Directory and I'm looking at setting up some scheduled jobs to call that as a web service and sync in additional roles / groups / mappings to user objects and others. It would be REALLY nice if this was just built in.

photo
2

I believe that the point #3 is very important and necessary to eliminate any manual actions for Bizagi - LDAP Synchronisation. Our approach was to create custom fields in LDAP and map all the necessary information to Bizagi. Here are the limitations that we found with the current implementation:

* There is no option to synchronise User roles, Positions or Stakeholders. This has to be done manually.

* The mapping for User Boss is done by User ID. However, the IDs are not the same across different environment (Testing, Production). As an alternative, we could use the user GUID or user name instead.

* This can be executed only once every hour. When making changes to Bizagi LDAP configuration this is very time consuming.

Thank you.