Micorosoft Logo

Active Directory Group Assignment 

The AD Group Assignment Plugin allows you to assign IT assets to AD groups and to manage them in tenfold's self-service portal.

What Does the Active Directory Group Assignment Plugin Do?

The Active Directory Group Assignment plugin allows you to create objects (resources) in tenfold that are represented by an image, a title and a short description. These objects can be categorized and made available in tenfold’s self-service portal. Data owners can control how and to whom these resources are assigned via workflows.

At the same time, Active Directory groups that function as technical control mechanisms and which usually have incomprehensible names are hidden from users. They only see the object/resource with its provided title that is much easier to grasp.

When a resource is assigned, tenfold adds the affected user to the relevant group automatically; if the resource is removed, tenfold deletes the user from the group. The plugin is often used as part of the integration with Citrix® environments to control which applications users should have access to.

The plugin is also commonly used to model applications and systems that provide certain functionalities to users, including proxy servers for internet activation, remote VPN access or permissions and roles in other applications that are integrated with the AD.

Required license
Enterprise Edition

The following domain environments are currently supported:

  • Single forest / Single domain

  • Single forest / Multi-domain

  • Multi-forest

Note: Samba and Samba-based solutions are not supported.

Other requirements

  • Access via LDAPS must be enabled on the domain controller.

  • To use SMS tokens for password-reset, there must be an SMS email gateway or SMS service providing a REST interface.

AD Group Assignment Plugin
AD Group Assignment Plugin

Features

What It Covers
  • Resources with one or more Active Directory groups as backend

  • Individual application rights via Active Directory groups

  • Configurable resource options via Active Directory groups

Synchronization
  • to determine the initial state, and

  • to correctly model external changes made to the relevant groups in tenfold.