
Active Directory synchronization with AD groups

Configuring Integration with Active Directory

1. Go to "System settings" - "Auth" and select the LDAP tab.

2. Enter the LDAP server address, an account for connection, and its password.

3. Specify the OU and user search filter. See an example of a filter for a specific group in the screenshot below.

[Screenshot: example user search filter restricted to a specific AD group]

4. Click the "Submit" button to save the settings. Note: After changing parameters and settings, always click "Submit" to apply changes. Otherwise, the test will run with old parameters.

5. Click the "Test connection" button to verify the settings or "Test login" to check a specific user's authorization.

6. Click the "Bulk Import" button. You should see the users of the group that will be added for PAM authorization. You can select specific users and click "Import" or import all users by clicking "Import all".

7. You can also configure automatic user synchronization by clicking the "Sync setting" button.

[Screenshot: LDAP settings page with the "Sync setting" dialog]

Synchronization with Active Directory Groups

Why synchronize with AD groups?

Managing access rights to target systems can be done using familiar Active Directory groups. Adding or removing a user from such groups will automatically synchronize with the permissions matrix in JumpServer, and the user will gain or lose access rights.

Configuring synchronization with AD groups

1. Go to System settings - Authentication - LDAP

2. In the User attribute field, add a "groups" key mapped to the AD attribute memberOf, so that the mapping looks like this:

{
  "username": "sAMAccountName",
  "name": "cn",
  "email": "mail",
  "groups": "memberOf"
}

See screenshot:

[Screenshot: User attribute field containing the "groups": "memberOf" mapping]

3. Click the Submit button to save the settings.

4. Click the User Import button and then click Sync Users in the opened window.

If everything is correct, you will see a list of users and a column with AD group attributes:

[Screenshot: synced user list with the AD group attribute column]

5. Click Import all to add users to the system.

If you go to Console - User - Groups, you will see JumpServer user groups named after the AD groups, containing the same users:

[Screenshot: Console - User - Groups showing groups with AD group names]
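The two pieces this page relies on, a user search filter limited to one AD group (step 3 of the first section) and the attribute mapping with "groups": "memberOf" (step 2 of the second section), as an added example in plain Python that is not JumpServer's own code. The filter shape, the escaping, and the assumption that a synced group takes the AD group's CN as its name are mine; the sample entry is constructed.

```python
import json

# Attribute map from the page: JumpServer field -> AD attribute.
USER_ATTR_MAP = json.loads("""
{
  "username": "sAMAccountName",
  "name": "cn",
  "email": "mail",
  "groups": "memberOf"
}
""")

def escape_filter_value(value: str) -> str:
    """Escape a value for an LDAP search filter (RFC 4515) so a crafted
    name cannot alter the filter's logic."""
    return "".join("\\%02x" % ord(c) if c in "*()\\\x00" else c for c in value)

def group_member_filter(group_dn: str) -> str:
    """Filter limiting the import to direct members of one AD group
    (assumed shape; memberOf does not expand nested groups)."""
    return "(&(objectClass=user)(memberOf=%s))" % escape_filter_value(group_dn)

def cn_of(dn: str) -> str:
    """Return the CN value of a DN, honouring backslash-escaped commas."""
    rdn, i = "", 0
    while i < len(dn) and dn[i] != ",":
        if dn[i] == "\\" and i + 1 < len(dn):
            i += 1
        rdn += dn[i]
        i += 1
    attr, _, val = rdn.partition("=")
    return val.strip() if attr.strip().upper() == "CN" else rdn

def map_entry(entry: dict) -> dict:
    """Apply the map to one AD entry; memberOf DNs become group names
    (assumption: JumpServer names the synced group after the AD group's CN)."""
    user = {f: entry.get(a) for f, a in USER_ATTR_MAP.items() if f != "groups"}
    user["groups"] = sorted(cn_of(dn) for dn in entry.get(USER_ATTR_MAP["groups"], []))
    return user

# Constructed sample entry, shaped like an AD search result.
SAMPLE_ENTRY = {
    "sAMAccountName": "jdoe",
    "cn": "John Doe",
    "mail": "jdoe@example.com",
    "memberOf": ["CN=PAM-Admins,OU=Groups,DC=example,DC=com",
                 "CN=Ops\\, Team,OU=Groups,DC=example,DC=com"],
}
```

Because memberOf lists only direct memberships, a user who reaches the group through a nested group will not appear in the import unless the filter is extended accordingly.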