Search the Community
Showing results for tags 'sync'.
Hi Team, I'm aware you have SAML2 support, and we're currently making good use of that feature, however it'd be great if we could sync user information down from AD based on group membership. Even better if this includes the groups themselves, so we can manage users info and what Passwordstate security groups they get all from Azure AD. I see elsewhere you've suggested to just have your Azure AD sync with an on-prem AD, however that's not a great solution as it then requires that we manage our users from an on-prem AD, when we've moved to decommission such onsite servers. You can easily pull such information from something like Microsoft's own Graph API. List members - Microsoft Graph v1.0 | Microsoft Docs List group transitive members - Microsoft Graph v1.0 | Microsoft Docs This feature would provide huge value for us in allowing us to centrally manage users for Passwordstate.
Hi, As an admin I want to have ability to enable/disable security group for syncing non-existent users to Passwordstate if global sync of non-existent users to Passwordstate is enabled. Goal is to have just one exact group called i.e. "Passwordstate Users" which will sync all non-existent users from AD to passwordstate to automatically enable them access, but not to anybody else in any other group. We have several groups like "DevOps" which contains not just devops engineers, but also their scrum master. Scrum master must not have access to passwords anytime. It's same for all other engineering teams, there is always at least one person which must not access passwords, but rest of teams must access all passwords shared to team. I can imagine that on each Security Group imported from AD will be Flag which will be possible to enable or disable and will achieve required scenario. I.e. by default it will be enabled, but as admin I will be able to disable sync during importing process (or later enable/disable). Something like screenshots below. In this case I think it will be very easy to implement, because it’s just a flag in one table and enhancement in AD Sync which will check for each group if it shouldn’t be skipped. No need to change rest of sync process. I think much more people will benefit from this.
Hi, Passwordstate currently sync just Security Groups members, but nothing else. As an admin I want to get synced all AD user attributes into Passwordstate anytime it's changes in AD by schedule. (i.e. first name, last name, email, username, department, office, etc...) Thanks
Hello, we are running Passwordstate without any problems. Now I got the task to add user accounts from an external AD (outside of the Passwordstate server domain) I did as Administrator the setup of the Domain under Administration -> Active Directory Domain (with the check mark at Used For Authentication) I created Privileged Account Credentials under Administration. The check of the Privileged Account returned "Username and Password matches". After that I did the "Add From AD" under Administration -> User Accounts. Here I could search for the user accounts in the newly added domain and add them without any problems ...so far so good. But If I try to login with an user account of the new domain it would not let me through. I tried different login spellings and also Web Authentication Option for the user without success (for the Web Authentication Option I only tested AD Authentication ones...) The Error Console is empty. Where is the problem? Or how can I debug this further? Thanks for your help. Trexman