Synchronization with Active Directory
This article explains how to synchronize Packflow with groups hosted in Windows or Active Directory.
Its content does not apply for Packflow sites using Forms Authentication.
Packflow will, by default, authorize authenticated users found in the local Windows or in an available Active Directory to access the sites.
When such a user connects to Packflow for the first time, a PFUser account will be created automatically. But that account will not be member of any Packflow group, hence it will have very limited permissions.
It is often more convenient for administrators to assign the memberships before the new users connect for the first time.
It could also happen that a user must be referenced (user fields, tasks, etc) before his first connection.
For these reasons, Packflow gives the possibility to synchronize organizational groups with Active Directory (or Windows) groups.
To synchronize a Packflow group with an Active Directory group, follow these steps:
Open Packflow Manager.
Under the server and site node, select the "Site Organisation" node.
Select the group to synchronize.
Click on the button "Sync with Domain Group".
Fill the prompted form with the domain and group names.
The sync mode option allows to synchronize only existing users. To import new users, select the third option.
The "Test" button will search for the specified group and display the first found logins. Please note that this feature will only work if the local computer has also an access to the group.
Click "Ok" to synchronize the group.
Once synchronized, the users list will appear on the right and the group name on the left will be greyed out.
Each time you will "Save" this group using this UI, it will be synchronized again.
As you have seen, the group can be updated and synchronized manually.
To synchronize those groups periodically, you can schedule the PFDomainGroupSyncJob job.
This can be done using the Timer Jobs administration in Packflow Manager.