
Ability to enable/disable sync of non-existent users from AD per security group





As an admin, I want to have the ability to enable/disable a security group for syncing non-existent users to Passwordstate if global sync of non-existent users to Passwordstate is enabled. The goal is to have just one exact group called i.e. "Passwordstate Users" which will sync all non-existent users from AD to Passwordstate to automatically give them access, but not anybody else in any other group. We have several groups like "DevOps" which contain not just DevOps engineers, but also their scrum master. The scrum master must not have access to passwords at any time. It's the same for all other engineering teams: there is always at least one person who must not access passwords, but the rest of the team must access all passwords shared with the team.


I can imagine that each Security Group imported from AD will have a flag which can be enabled or disabled, and which will achieve the required scenario. I.e. by default it will be enabled, but as an admin I will be able to disable sync during the import process (or enable/disable it later).


Something like the screenshots below. In this case I think it will be very easy to implement, because it’s just a flag in one table and an enhancement in AD Sync which will check for each group whether it should be skipped. No need to change the rest of the sync process.


I think many more people will benefit from this.
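A model of the per-group flag requested above, as an added example that is not part of the original post and is not Passwordstate code. The `SecurityGroup` class, the `sync_new_users` field, both function names and the sample accounts are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass


@dataclass
class SecurityGroup:
    """Hypothetical stand-in for a security group imported from AD."""
    name: str
    members: set[str]
    # The proposed per-group flag; enabled by default, as in the request.
    sync_new_users: bool = True


def users_to_create(groups, existing_users, global_sync_enabled=True):
    """Return the AD accounts a sync run would add as new users."""
    if not global_sync_enabled:
        return set()
    candidates = set()
    for group in groups:
        if not group.sync_new_users:
            continue  # flag disabled: this group never provisions accounts
        candidates |= group.members
    # Accounts that already exist are not "non-existent users".
    return candidates - set(existing_users)


def skipped_users(groups, existing_users, global_sync_enabled=True):
    """Accounts seen only in flag-disabled groups, for an admin audit report."""
    all_members = set().union(*(g.members for g in groups))
    created = users_to_create(groups, existing_users, global_sync_enabled)
    return all_members - set(existing_users) - created


# Constructed sample data mirroring the scenario in the post.
GROUPS = [
    SecurityGroup("Passwordstate Users", {"alice", "bob"}),
    SecurityGroup("DevOps", {"alice", "bob", "sam_scrum"}, sync_new_users=False),
]
EXISTING = {"alice"}

if __name__ == "__main__":
    print("created:", sorted(users_to_create(GROUPS, EXISTING)))
    print("skipped:", sorted(skipped_users(GROUPS, EXISTING)))
```

A member of a flag-disabled group is still created if an enabled group also contains them; only accounts that appear exclusively in disabled groups are left out.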





