User information sources allow you to import and synchronize users from an external data source. This is useful if you have a globally diverse directory management system and want to import and synchronize your users with uPerform.
User information source functionality allows you to:
- Import and synchronize user accounts in bulk via an XML-formatted file.
- Import and sync user accounts from one or more directory servers.
- Access your user account identification policies such as special characters, spaces, and domains.
- Sync a specific segment of a user base in a directory or file source via a filter, and assign users to groups within uPerform.
Four steps are required for synchronizing users:
- Create the user information source, which is a connection to a user store. The user source can be an LDAP-compliant directory server, such as Microsoft Active Directory, or a well-formed XML file. Multiple user information sources can be created to allow you to import users into the application from different locations. Refer to the Technical Specifications for a complete list of the supported directory servers.
- Create the filter, which allows you to retrieve a specific set of users from the user information source and assign the users to a content group. Filters for a directory server are LDAP queries; filters for XML user sources are XPath queries. Multiple filters can be created for each user information source.
- Assign the filter to a group, which allows you to assign access to content within uPerform. If a filter is not assigned to a group, new users will not be imported and any existing users will be deactivated if they are not included within any other filters. If you are not utilizing group-based filtering, the filter must be assigned to the All Users group.
- Run the synchronization from the user information source, filter, or groups page. Alternatively, the synchronization can be scheduled to run automatically. For more information on scheduling tasks, refer to Scheduling Automated Tasks in the companion manual Administration.
Adding, Editing and Deleting a User Information Source
1. Click Administration on the left menu.
2. Click Users, Roles, and Groups in the Administration area.
3. Click User Information Sources in the Users, Roles, and Groups area.
4. Choose from the following options:

| If You Want To | Then |
|---|---|
| Add a user information source | Click Add User Source on the left menu. Go to the next step. |
| Edit a user information source | NOTE: A user source cannot be edited if a filter assigned to it is synchronizing. Click on the user source name you want to edit. Select Edit Properties from the left menu. Go to the next step. |
| Delete a user information source | NOTE: A user source cannot be deleted if a filter assigned to it is synchronizing. Click on the user source name you want to delete. Click Delete User Source on the left menu. Click OK. NOTE: Clicking OK will delete the user source, its filter(s) and any users belonging to the filter(s), unless the users belong to another filter. |

5. Complete/edit the following fields:

| Field | Description |
|---|---|
| Name | Enter a name for the source. |
| Description | Enter a description of the source. |

6. Choose from the following options:

| If You Want To | Then |
|---|---|
| Add a user information source from a directory server | Select Directory Server in the Source drop-down list. Click Next. Go to step 7. |
| Add a user information source from a file source | Select File in the Source drop-down list. Click Next. Go to step 9. |
| Add a user information source from a SAML identity provider | Refer to Configuring Security Assertion Markup Language (SAML) Authentication. |

7. Complete/edit the following required fields for a directory server:

| Field | Description |
|---|---|
| Location | Enter the URL for the directory server. For example: LDAP://acmeDS.com:389 NOTE: Be sure to enter a port number at the end of the URL. In this example, "389" is the port number. |
| Page Size | Enter the number of records to retrieve at one time. If your directory server supports page size limits, ensure your page size is within that range. If the directory server does not use paging, enter -1. NOTE: Page size should not be set if the directory server does not provide an estimated number of results. |
| Security Connection | Select Simple or Anonymous. If you choose Simple, enter the user name and password of the user that connects to the directory server. |

8. Go to step 11.
9. Perform one of the following for a file source:

| If You Want To | Then |
|---|---|
| Upload a file | Select Upload File Path. Click Browse ... to navigate to the file location. Go to step 11. |
| Connect to a file over HTTP | Select Connect to a File. Go to the next step. |

10. Complete/edit the following required fields to connect to a file over HTTP:

| Field | Description |
|---|---|
| Path | Enter the static path for the file to which you want to connect. |
| User ID | Enter the User ID that has access to the file. |
| Password | Enter the password for the user. |
| Password Confirmation | Confirm the password. |

11. Complete/edit the following required fields for a directory server or a file source:

| Field | Description |
|---|---|
| User ID | For a directory server, enter the property name from the directory server. For a file source, enter the XPath string from the user element in the file to the user ID. |
| Unique Identifier | For a directory server, enter the property name from the directory server. For a file source, enter the XPath string from the user element in the file to the unique identifier. This allows the application to update the user if it is changed in the directory server or file source. |
| Email Address | For a directory server, enter the property name from the directory server. For a file source, enter the XPath string from the user element in the file to the email address. |
| First Name | For a directory server, enter the property name from the directory server. For a file source, enter the XPath string from the user element in the file to the user's first name. |
| Last Name | For a directory server, enter the property name from the directory server. For a file source, enter the XPath string from the user element in the file to the user's last name. |
| Enable Automatic Synchronization | This option allows you to automatically synchronize filters created for this user source. This will allow you to quickly synchronize from a specific user source when a new file is uploaded, a file is updated on the web, changes are made to the directory server, or changes are made to the field mapping. It is recommended that you leave this option disabled until you are ready to synchronize user accounts. For more information on automatic synchronization, refer to Schedule Automated Tasks in the companion manual Administration. |
| Send Account Created Notifications | This option enables the Server to send an email to a user the first time the account is synchronized. NOTE: It is recommended to enable this option when using XML files as the user source to ensure you receive password information sent via email. |

12. Click OK.
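
A dry-run preview of a file-source synchronization, added here as an example and not taken from uPerform: it applies XPath filters and the five field mappings to a constructed XML file and lists the existing accounts that no group-assigned filter covers, which the rules above say would be deactivated. The XML element names, filter and group names, and the `preview_sync` helper are assumptions; Python's ElementTree implements only a subset of XPath.

```python
import xml.etree.ElementTree as ET

# Constructed sample file; the element names are assumptions, not a uPerform schema.
SAMPLE_XML = """<users>
  <user><id>1001</id><login>asmith</login><dept>Sales</dept>
    <email>asmith@example.com</email><first>Ann</first><last>Smith</last></user>
  <user><id>1002</id><login>bjones</login><dept>Sales</dept>
    <email></email><first>Bo</first><last>Jones</last></user>
  <user><id>1003</id><login>clee</login><dept>Finance</dept>
    <email>clee@example.com</email><first>Cy</first><last>Lee</last></user>
</users>"""

# XPath from each user element to the five mapped fields named on the page.
FIELD_MAP = {"User ID": "login", "Unique Identifier": "id", "Email Address": "email",
             "First Name": "first", "Last Name": "last"}

def preview_sync(xml_text, filters, existing_ids):
    """filters maps filter name -> (XPath query, assigned group or None).
    Returns (to_import, incomplete, to_deactivate) without changing anything."""
    root = ET.fromstring(xml_text)
    to_import, incomplete = {}, {}
    for name, (xpath, group) in filters.items():
        if group is None:
            continue  # a filter with no group brings in no users
        for user in root.findall(xpath):
            record = {f: (user.findtext(p) or "").strip() for f, p in FIELD_MAP.items()}
            uid = record["Unique Identifier"]
            missing = sorted(f for f, v in record.items() if not v)
            if missing:
                incomplete[uid or "<no id>"] = missing  # this script's policy: hold for review
                continue
            to_import.setdefault(uid, {**record, "groups": set()})["groups"].add(group)
    # Existing accounts matched by no group-assigned filter would be deactivated.
    to_deactivate = sorted(set(existing_ids) - set(to_import) - set(incomplete))
    return to_import, incomplete, to_deactivate

FILTERS = {  # hypothetical filter names and groups
    "sales": (".//user[dept='Sales']", "Sales Content"),
    "finance": (".//user[dept='Finance']", None),  # not yet assigned to a group
}

if __name__ == "__main__":
    imp, bad, gone = preview_sync(SAMPLE_XML, FILTERS, existing_ids=["1001", "1003", "0999"])
    print("import:", sorted(imp), "incomplete:", bad, "deactivate:", gone)
```

Reviewing the deactivation list before enabling automatic synchronization shows whether an unassigned or too-narrow filter is about to remove access for accounts that should stay active.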