Provisioning synchronizes Pyramid users with Active Directory users. If a user is added to or removed from AD, they will be updated accordingly in Pyramid, as long as Provisioning has been enabled.
- Enable Auto Provisioning: check this option to enable provisioning - when enabled, the AD sync time interval is the System Schedule will be hidden, and the AD sync job will automatically run immediately after the provisioning job
- Evaluate group with SID: identify groups using their security ID instead of group name (only relevant for Active Directory)
- Evaluate user with SID: identify users using their security ID instead of user name (only relevant for Active Directory)
- Sync Interval: determine how frequently to sync Pyramid users with AD users and groups. Setting this too frequently can negatively impact both Pyramid and the AD.
- User Sync Behavior: determine what should happen to Pyramid users who have been removed from AD
- Remove: remove the user from Pyramid. Note that the content they created will also be removed.
- Disable: the user will be disabled, and the content they created will not be removed from Pyramid.
- Enable Cross Domain Groups: enable the use of active directory groups made up of users from multiple domains.
When Provisioning is enabled, the scheduled provisioning jobs will appear under the Schedules Manager. From there, you can edit the schedule, add a new scheduling job, and more.
User Group Synchronization
It is necessary to synchronize user identity data between the Pyramid environment and Active Directory.
- Sync Method: select the method that will be used for synchronization. You can use one of two methods (Method 1 or Method 2).
- Method 1: This method fetches all the Pyramid users and adds them to the user table, This means that the table will contain all of the users, their directly assigned roles, and the roles that are assigned to their user group.
- Method 2: This method uses Active Directory to determine who are the members of a group. This method is more efficient.
- Synchronization Timeout: set the timeout for the synchronization process to go to the Domain Controller to fetch the information. Set the value to 0 to run with no timeout. Note that running with no timeout will not notify users if there is a synchronization error,
- Support Cross Domains: allow synchronization in cases where a group belonging to one domain has a nested group belonging to second domain. If this option is not selected, the synchronization will fail.
- via Forest (Preferred): scans all of the domains.
- via Domain: requires users to search by domain.
- Forest Domain:select the Forest Domain. This should be set by the administrator only in cases where Forest Domain will be used
- Use Forest Level Credentials: select this field to override the users credentials. This is used in a case where the selected user does not have the privileges to scan the forest.,
- Username Set the Forest Level Username
- Password: Enter the Forest Level Password