Associating Security Groups with Active Directory

If your organization uses Microsoft Active Directory (AD), you can give an AD group a specific set of permissions in the ReliaSoft database. The members of the AD group can then access the database based on the set of permissions associated with the group.

In addition, the software offers the option to automatically update the permissions of a user whenever that user is added to or removed from an AD group. For example, if a user is moved from AD group A to AD group B, his/her user account can be automatically updated with the permissions associated with AD group B. The changes will take effect the next time the user connects to the database via any of the ReliaSoft desktop applications. (Note that for users who will connect only via the SEP web portal, you’ll need to update their permissions manually either via a desktop application or the ReliaSoft Admin tool on the web server.)

Tip: Multiple security groups can be assigned to the same user account, if appropriate. For example, a user can be assigned to the "ABC Team" group (which is associated with Active Directory) and the "Read-Only" group (which is not). (See Planning Your Security Approach.)

Assigning Permissions to an Active Directory Group

To associate a security group with an Active Directory group, choose File > Manage Database > Users and Security and click the Security Groups tab. Then double-click the security group you want to edit.

In the Edit Security Group window, select the Associate this security group with Active Directory check box, and then specify the domain name and Active Directory group to use. There are two additional options, which apply only when users log in from a ReliaSoft desktop application:

  • Automatically update this security group's members. If a user is added to the AD group, his/her user account will automatically have this set of permissions the next time the user logs in to the database via any of the ReliaSoft desktop applications. Likewise, if the user leaves the AD group, his/her user account will no longer have this set of permissions.

    If you do not want the changes in Active Directory to be automatically applied to a particular user, clear the Update security groups upon login check box in that user's account in the ReliaSoft database.
  • Automatically create new user accounts on first login. If a member of the AD group does not already have a user account, it will be created automatically (and assigned to this security group) the first time he/she tries to connect via any of the ReliaSoft desktop applications.

Creating/Updating Accounts Now

If you don’t want to wait for all users to log in before creating/updating their user accounts, click the Assign button at the bottom of the window.

  • To create new accounts, choose Import users who are members of this Active Directory group. This opens the Import Users from Active Directory window, but you can only choose users from the associated Active Directory group.
  • To update the security groups for existing accounts, choose Assign existing database users who are members of this Active Directory group. This shows a list of existing users who also belong to the associated Active Directory group; you can choose to update any or all of their accounts.
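
The update rules above can be modeled as a drift audit that shows which accounts still hold (or lack) permissions after an AD change, and why the change has not been applied. This is an added example, not ReliaSoft code; the class and function names, the sample data, and the assumption that you can export AD group members and database account assignments into these structures are all hypothetical.

```python
from dataclasses import dataclass, field

@dataclass
class SecurityGroup:
    name: str
    ad_group: str = ""          # empty: not associated with Active Directory
    auto_update: bool = False   # "Automatically update this security group's members"

@dataclass
class Account:
    username: str
    groups: set = field(default_factory=set)  # security groups currently assigned
    update_on_login: bool = True   # "Update security groups upon login" check box
    desktop_login: bool = True     # False: connects only via the SEP web portal

def expected_groups(acct, sec_groups, ad_members):
    """Security groups the account would hold if AD membership were applied now."""
    result = set(acct.groups)
    for g in sec_groups:
        if not g.ad_group or not g.auto_update:
            continue               # membership of this group is managed by hand
        if acct.username in ad_members.get(g.ad_group, set()):
            result.add(g.name)
        else:
            result.discard(g.name)
    return result

def audit(accounts, sec_groups, ad_members):
    """Return {username: (extra, missing, reason)} for accounts that differ from AD."""
    findings = {}
    for a in accounts:
        want = expected_groups(a, sec_groups, ad_members)
        extra, missing = a.groups - want, want - a.groups
        reason = ("per-user update disabled" if not a.update_on_login else
                  "web-portal only: update manually" if not a.desktop_login else
                  "pending until next desktop login")
        if extra or missing:
            findings[a.username] = (extra, missing, reason)
    return findings

# Constructed sample data (not from a real database or directory)
SEC_GROUPS = [SecurityGroup("ABC Team", "ABC-Team-AD", True), SecurityGroup("Read-Only")]
AD_MEMBERS = {"ABC-Team-AD": {"alice", "dave"}}
ACCOUNTS = [Account("alice", {"ABC Team", "Read-Only"}), Account("dave"),
            Account("bob", {"ABC Team"}, desktop_login=False),    # left the AD group
            Account("carol", {"ABC Team"}, update_on_login=False)]

for user, finding in audit(ACCOUNTS, SEC_GROUPS, AD_MEMBERS).items():
    print(user, finding)
```

Accounts reported with extra groups are the ones to review first, since they retain permissions that the AD group no longer grants.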
