Synchronization of attributes from Active Director... - Qlik Community

KeyReaL · ‎2024-04-26

Hello community,

I ask for help in organizing an automated access level.

We have a branch structure in our organization - department - service - subdivision,

For example: Northern Region - Department of Marketing - Customer Service - Sales

Now, we manually create in Custom Properties parameters with the name of each branch, department, units (screenshot #001) and after hand we choose them on employees. (screenshot #002)
After this property, we indicate on application, thus, an employee with a certain property sees certain reports.

Our employees are imported from Active Directory, but because AD has an attribute “Distinguishedname” in which there is information about the employee’s belonging. (screenshot #003)

The task is to synchronize this information with Custom Properties so as not to enter this data manually, how can this be done, any ideas?

Regards Kirill.

mpc · ‎2024-05-02

Hi,

Can you check as you've already checked the DN, if users in Qlik have "group" category (in the same (i), information pop-up) ? If yes, we can go futher and and partially change and automate the process.

Kind regards

From Next Decision and mpc with love
It helps, like it, It solves, mark it

KeyReaL · ‎2024-05-02

Hello,

Thanks for the answer.

I checked, we already have information about users, and we also have a field - “Distinguishedname”

Regards, Kirill

mpc · ‎2024-05-02

Ok,

Perfect, now, since we cannot populate Custom Properties automatically, (expect with the QRS API), in think you should to the following tasks:

Create a set of Security Rules for giving access to stream. In these, you can use a rule such as (user.group = stream.@CustomProperties)
Affects to Stream a CustomProperties wich matches the AD Group of users.

With this mechanism, you only need to affect a Custom Properties to a Stream, (only one action), and the users will have access to there apps wihout human action.

Kind regards

From Next Decision and mpc with love
It helps, like it, It solves, mark it

KeyReaL · ‎2024-05-02

We have a field (attribute) "Distinguishedname" in our AD In it, the information in this format:

"CN = name, OU = Department, OU = Unit......."

with one line, how to separate them, you need to each parameter into a separate property, while the name is not necessary, separately the department, separately unit (put a screenshot)

Best regards.

mpc · ‎2024-05-03

As far as I know, you cannot split a field, and so cannot use the DN.
The users should populated with the information like the attached screen:

And so you can use the property "group" in SR:

More info here: https://community.qlik.com/t5/Deployment-Management/Qlik-Sense-AD-Groups/td-p/1402650

Kind regards

From Next Decision and mpc with love
It helps, like it, It solves, mark it

KeyReaL · ‎2024-05-03

Thanks for the offer.

You have a solution option - to tie a user’s group with a customer property on the platform, but in our “group” field a line with several data parameters is spelled out, which must still be divided and used in different property .

Apparently this is a difficult task.

Regards Kirill

Synchronization of attributes from Active Directory and values in Custom Properties

Administration

Client Managed

Security