LDAP Workflow

This topic provides a basic workflow for using this module, as well as links to the available procedures, concepts, and reference topics.

Steps

  1. Enable LDAP integration and logging.

    Note: LDAP integration will not be available until it has been enabled.
  2. If you did not select the Enable APM Security check box, determine which existing Microsoft Active Directory Groups you want to map to GE Digital APM Security Roles. For each of those groups, create a GE Digital APM Security Role whose name exactly matches the Microsoft Active Directory Group name. When LDAP synchronizes Microsoft Active Directory and GE Digital APM, each user is assigned to the GE Digital APM Security Roles whose names exactly match the names of the Microsoft Active Directory Groups to which that user belongs. If you selected the Enable APM Security check box, this step is not required, and you manage Security Role assignment in GE Digital APM.

  3. Create a Domain record in GE Digital APM for each Active Directory domain that contains users whose information should be synchronized with records in GE Digital APM. Domain records store identifying information about the Microsoft Active Directory domains that exist in your organization.

  4. Schedule an LDAP synchronization process to periodically update GE Digital APM with user information from Microsoft Active Directory.

    IMPORTANT: After implementing LDAP synchronization, do not modify Security User information in GE Digital APM; instead, modify the user information in Microsoft Active Directory, and then synchronize. Synchronization overwrites all GE Digital APM Security User site assignments, Security Role assignments, and all other mapped information with the most recent information in Microsoft Active Directory.
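
Added example (not part of the GE Digital documentation or product code): a Python model of the exact-name mapping in step 2 and the overwrite behavior in the IMPORTANT note, usable as a pre-synchronization audit of exported group and role names. It assumes "matches exactly" means case-sensitive string equality; the function name plan_sync, the group and role names, and the sample data are constructed for illustration.

```python
import unicodedata


def _loose(name):
    # Normalized form used only to spot near-misses, never to grant a role.
    return unicodedata.normalize("NFKC", name).strip().casefold()


def plan_sync(ad_memberships, apm_roles, current_assignments):
    """Model one synchronization pass (assumed behavior, see lead-in).

    ad_memberships:      {user: set of Active Directory group names}
    apm_roles:           set of Security Role names defined in APM
    current_assignments: {user: set of role names currently held in APM}
    """
    loose_roles = {}
    for role in apm_roles:
        loose_roles.setdefault(_loose(role), set()).add(role)

    plan = {}
    for user, groups in ad_memberships.items():
        granted = groups & apm_roles  # exact-name matches only
        near = {g: sorted(loose_roles[_loose(g)])
                for g in groups - apm_roles if _loose(g) in loose_roles}
        before = current_assignments.get(user, set())
        plan[user] = {
            "after_sync": granted,
            "overwritten": before - granted,  # roles set by hand in APM, lost on sync
            "near_miss": near,                # groups that differ only by case/whitespace
        }
    return plan


# Constructed sample data: role names, group names and users are hypothetical.
APM_ROLES = {"APM-Analysts", "APM-Admins"}
AD = {
    "jdoe": {"APM-Analysts", "Domain Users"},
    "asmith": {"apm-admins ", "Domain Users"},  # wrong case, trailing space
}
CURRENT = {"jdoe": {"APM-Admins"}, "asmith": set()}

if __name__ == "__main__":
    for user, result in plan_sync(AD, APM_ROLES, CURRENT).items():
        print(user, result)
```

A non-empty "overwritten" set marks a role that exists only in GE Digital APM and would be removed by the next synchronization; a non-empty "near_miss" entry marks a group that will not grant the intended role until the names are made identical.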

Copyright © 2017 General Electric Company. All rights reserved.