Importing security groups from an Active Directory - Security Center 5.10

Active Directory Integration Guide 5.10

Applies to: Security Center 5.10
Last updated: 2021-08-20

To have a centralized personnel management system, you can import AD security groups into Security Center as user groups or cardholder groups.

Before you begin

  • If you are importing a universal group from a global catalog, read About universal groups and global catalogs.
  • When importing an AD security group, you must import all members of that group, including the subgroups. If you want to import only a subset of its members, for example, only Security Center users, you must define a new AD security group with only the members you want to import. For more information, see Creating security groups in Active Directory.
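
Because an import brings in every member of the selected group, subgroups included, it helps to review the full nested membership before you select the group. The following is an added example, not part of this guide or of Security Center: it walks a constructed directory export (the group names, accounts, and dictionary layout are assumptions) and lists the account names an import would bring in, refusing anything that is not a security group.

```python
# Added example: preview what importing an AD security group would pull in.
# DIRECTORY is CONSTRUCTED sample data, not output from a real Active Directory.
SECURITY_ENABLED = 0x80000000  # AD groupType bit: security (not distribution) group
UNIVERSAL_SCOPE = 0x00000008   # AD groupType bit: universal scope

DIRECTORY = {  # keyed by account name (sAMAccountName), which is unique
    "SC-Operators": {"class": "group", "groupType": 0x80000002,
                     "members": ["jsmith", "SC-NightShift"]},
    "SC-NightShift": {"class": "group", "groupType": 0x80000002,
                      "members": ["mlee", "SC-Operators", "Contractors"]},  # cycle
    "Contractors": {"class": "group", "groupType": 0x80000008,
                    "members": ["tcontract"]},
    "Newsletter": {"class": "group", "groupType": 0x00000002, "members": ["jsmith"]},
    "jsmith": {"class": "user", "displayName": "John Smith"},
    "mlee": {"class": "user", "displayName": "Mei Lee"},
    "tcontract": {"class": "user", "displayName": "Temp Contractor"},
}

def is_security_group(entry):
    return entry["class"] == "group" and bool(entry["groupType"] & SECURITY_ENABLED)

def preview_import(directory, group_name):
    """Return (users, subgroups) that importing group_name would bring in."""
    root = directory[group_name]
    if not is_security_group(root):
        raise ValueError(f"{group_name} is not a security group; it cannot be synchronized")
    users, subgroups, stack, seen = {}, [], list(root["members"]), {group_name}
    while stack:
        name = stack.pop()
        if name in seen:
            continue  # nested groups can reference each other; visit each once
        seen.add(name)
        entry = directory[name]
        if entry["class"] == "group":
            subgroups.append(name)
            stack.extend(entry["members"])
        else:
            users[name] = entry["displayName"]  # account name -> display name
    return users, sorted(subgroups)

def universal_groups(directory, names):
    """Groups with universal scope (relevant to the global catalog prerequisite)."""
    return [n for n in names if directory[n]["groupType"] & UNIVERSAL_SCOPE]

if __name__ == "__main__":
    users, subgroups = preview_import(DIRECTORY, "SC-Operators")
    for account, display in sorted(users.items()):
        print(f"{account:<12} {display}")
    print("subgroups:", subgroups, "universal:", universal_groups(DIRECTORY, subgroups))
```

If the preview lists accounts that should not become Security Center users or cardholders, define a narrower AD security group as described above rather than importing the broad one.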

What you should know

  • If you are integrating multiple ADs into Security Center, they must each belong to a different domain.
  • An AD security group can be imported as a user group, a cardholder group, or both.

Procedure

  1. On the Properties page of the Active Directory role, select the AD security groups you want to import.
    1. Click Add an item.
    2. Select the security groups you want to add to your Active Directory role.
      Use one of the following methods:
      • (Recommended) Type the name of the group in Find Active Directory groups, and click .

        If the text you entered matches a single group, it is automatically added to the Selected groups list.

        If the text you entered matches multiple group names, a second dialog box opens, listing all the group names that match the text you entered.

        Select the ones you want, and click OK to add them to the Selected groups list.

      • From the Selected groups list, click ().

        The Active Directory members dialog box opens.

        Select a security group, and click OK. Only security groups can be synchronized. If you selected an item that is not a security group, the OK button remains disabled.

      NOTE: The names shown in the dialog box are display names. Security Center only synchronizes the account names because they are guaranteed to be unique. Typically, the display names and the account names are the same. The only way to tell them apart is that the display names contain spaces.
    3. Repeat the previous step as often as needed until all security groups you want to synchronize with the AD are listed in Selected groups, and then click OK.
      The selected groups are listed under Synchronized groups in the Properties page.
  2. Choose which partition the entities are synchronized in.
  3. For each of the synchronized groups, specify how you want to import them.
    The following options are available:
    • As user group: Select this option to import the synchronized group as a user group, and the group members as users.
    • Create user on first logon: This is the default option, and it creates an empty user group. User entities are only created when someone tries to log on for the first time. This option avoids having to create all user entities simultaneously, which can freeze up the system. If you clear this option, all user entities are created at the same time as the user group.
    • As cardholder group: Select this option to import the synchronized group as a cardholder group, and the group members as cardholders. All synchronized cardholders are created simultaneously.
    • Import credentials: Select this option to import the credential information of the synchronized cardholders. Multiple credentials can be imported for each cardholder.
  4. If necessary, customize the mapping of AD attributes to Security Center fields.
  5. If you are importing credentials, select which credential fields to synchronize with the AD.
  6. Click Apply, and then click Synchronize now.

Results

All synchronized groups and their members are imported as Security Center entities according to your specifications, with a yellow arrow superimposed on their icon.

After you finish

Some additional configuration might be required, depending on what you synchronized with the AD:

After you create a scheduled task, the warning message No scheduled task exists to synchronize this role disappears from the Properties tab.