Version: On-Premise 2.5

Use AD Synchronization to Manage Users and Groups

AD Synchronization allows you to sync users and groups directly from Active Directory, avoiding managing users with Actions Express.

Syncing Users and Groups into Actions Express

To use Active Directory synchronization, ensure that your license includes Active Directory activities.

Create a workflow. Use the AD Users Synchronization activity to sync Active Directory users into Actions Express.
Field mapping. Use mandatory fields First Name, Last Name, and Username to ensure successful login integration.
Sync Frequency. To keep AD data up to date in Actions Express, run the AD Users Synchronization workflow at a regular interval.

Syncing Creates Recipients

When syncing users from Active Directory, there are added as Recipients in Actions Express. These recipients can be used in workflows. For example, you can use a Recipient in the "To" field in Send Email activities.

Users and Groups are added to the Users and Groups tables in Actions Express. Subgroups are displayed individually.
Users and groups synced from Active Directory are read-only and cannot be edited directly in Actions Express. Changes must be made in Active Directory and resynced.

Creating Logins from Recipients

Once AD users are synced as recipients, they can be designated as logins, granting them access to Actions Express with specified roles.

Users

Navigate to Configuration > Logins in the top navigation pane. You will see three tables: Users, Groups and Domains.
The Users table allows you to manage individual login users. Click the + icon to open the User Properties panel:
1. Select a user from the dropdown menu.
2. If the user is synced from AD, their information will be in read-only mode.
3. Assign the desired role and click Save.
The Group table allows you to manage login groups. Click the + icon to open the Group Properties panel:
1. Select a group from the dropdown menu.
2. For AD-synced groups, the information is read-only.
3. Assign the desired role and click Save.

note

Only Security Groups synced from Active Directory can be used as login groups in Actions Express. Distribution groups are not supported.

If a Security Group is synced, there is no need to rerun the synchronization workflow when adding new users to the group. Any users will be automatically created in Actions Express.

Conflicting Roles

When a user is part of both an individual login and a login group, the higher permission will be applied.

Example:

John Doe is a User with the Administrator role.
John Doe is also in the Help Desk group as a Workflow Editor in the Groups table.
When logging in, John Doe will always have administrator privileges.

Known Issue: The system may not recognize a user's group role if their individual role lacks sufficient permissions when deleting accounts. Users may not be able to delete certain accounts despite having the correct group role.

Domain Mapping

Domain mapping is essential for successful synchronization and login. You must map a domain for users to log in using their Active Directory credentials.

Domains Table

The Domains table appears under the Users and Groups tables on the Logins page. This table is populated with domains synced from Active Directory. The domain and host fields will be filled when successfully synchronizing.

Editing Domain Entries

To modify a domain, click on the desired entry and expand on the properties panel on the right. You can edit the domain's device but not the domain itself. To add additional domains, rerun the AD Users Synchronization activity.

Logging In

Logging into Actions Express

Enter your Username, Password, Domain, and Tenant on the login page.
The system will validate the credentials:
- Check if the user exists in Active Directory.
- Confirm the account is enabled and permitted to log into Actions Express.
If the credentials are valid, you will be logged in with their assigned role.

Logging into the Self-Service Portal

To access the Self-Service Portal, users or groups may be granted the Self Service user role in Actions Express. Only users with this role will be able to log in to the Self-Service Portal, not Actions Express.

To login as an AD users, enter your Domain.
To login as a local user, leave the Domain field blank.

Active Directory Forests

Active Directory Forests are not supported at this time. This feature is listed for future development.

Syncing Users and Groups into Actions Express​

Syncing Creates Recipients​

Creating Logins from Recipients​

Conflicting Roles​

Domain Mapping​

Domains Table​

Editing Domain Entries​

Logging In​

Logging into Actions Express​

Logging into the Self-Service Portal​

Active Directory Forests​