What Does the Active Directory Group Assignment Plugin Do?
The Active Directory Group Assignment plugin allows you to create objects (resources) in tenfold that are represented by an image, a title and a short description. These objects can be categorized and made available in tenfold’s self-service portal. Data owners can control how and to whom these resources are assigned via workflows.
At the same time, Active Directory groups that function as technical control mechanisms and which usually have incomprehensible names are hidden from users. They only see the object/resource with its provided title that is much easier to grasp.
When a resource is assigned, tenfold adds the affected user to the relevant group automatically; if the resource is removed, tenfold deletes the user from the group. The plugin is often used as part of the integration with Citrix® environments to control which applications users should have access to.
The plugin is also commonly used to model applications and systems that provide certain functionalities to users, including proxy servers for internet activation, remote VPN access or permissions and roles in other applications that are integrated with the AD.
The following domain environments are currently supported:
Single forest / Single domain
Single forest / Multi-domain
Note: Samba and Samba-based solutions are not supported.
Access via LDAPS must be enabled on the domain controller.
To use SMS tokens for password-reset, there must be an SMS email gateway or SMS service providing a REST interface.
Resources with one or more Active Directory groups as backend
Individual application rights via Active Directory groups
Configurable resource options via Active Directory groups
to determine the initial state, and
to correctly model external changes made to the relevant groups in tenfold.