AD Connector and Mappings

Answered

Comments

6 comments

  • Official comment
    Avatar
    Nancy Lambert

    Hi Matthew,

    Thank you for posting this excellent question. Our general mapping documentation can be found here. More specific to your question, a user's account will process through mappings again (reapply mappings) under certain conditions:

    1. An admin selects Reapply All Mappings on the main Mappings page (where the mappings are listed)
    2. An admin selects Reapply Mappings from the More Actions drop-down on an individual user configuration page (Users > All Users > selected user)
    3. A user is updated through the API
    4. User attributes are updated through the Active Directory Connector

    If you are seeing an Active Directory user whose attributes have changed and those changes have synchronized to OneLogin but mappings were not reapplied please open a support ticket so we can investigate what is occurring and help get it resolved. Please let us know if you have any further questions

    Thank you for choosing OneLogin!

  • Avatar
    Matthew McNabb

    Nancy,

     

    Thanks for the detailed answer! It was #4 that I was unsure about. I had some evidence that this was the case, but a couple of other things had me doubting that behavior.

    Also, just to be clear, a newly created mapping will not automatically be applied, correct?

  • Avatar
    Nancy Lambert

    Hi Matthew,

    We get this question quite often and I'm so glad you asked it. A newly created mapping will not be automatically applied to any existing users without one of the four options above occurring.  

    For example: You create a new mapping to assign a new role "Vacation Approvers" for users that are members of a Management Team OU in Active Directory and save it. You have two existing users in OneLogin that are members of the Management Team OU in Active Directory: John Walter and Hellen Bradley. You have a new manager being on-boarded and created in Active Directory: Janet Adams.  Janet is assigned the Vacation Approvers role in OneLogin through the mapping as soon as the Active Directory Connector syncs her account into OneLogin. John and Hellen still do not have the role. To get John and Hellen added to this new role you can perform any of the above items 1-4 to trigger the mappings action. 

    Please let us know if you need any further clarification or have any additional questions. 

  • Avatar
    Omar Madrid

    Hi Nancy

    Does changes in group membership in AD can be consider as attribute change?

  • Avatar
    Mike Hagesfeld

    We may be having a similar issue.  I have  user who is a member of a group.  This membership shows in their user profile, and is passed through when using the connector to one app.  However, for a different app, the MemberOf group list passed through is different, and I have no idea why.  Is there any way two connectors will have different MemberOf lists, when everything else is the same?

  • Avatar
    Ben Seba

    If my users have their department name or title updated in Active Directory the update is not being passed through to our app Remedyforce. Is this related?

Please sign in to leave a comment.