LDAP Connection / AD Groups

MarshallMclane
Level 5
Hi All, 

We are getting started with On Premise 4.1 Hub and Interact. One thing that we are still trying to better understand is how the LDAP connection works within hub. Does anyone have any experience using it?

Specifically we want to better understand the below topics:

1. Does it treat an AD group as one user, or does it load each user from an AD group into Hub? We're hoping it loads, say, an AD group as one user; that way assigning roles is much simpler, otherwise we have to assign roles to each user within the AD group. For example, will an AD group show up as one user like it does below?

3748.png

2. How should we best organize the AD groups to leverage Hub? Do we have one parent / umbrella AD group with lots of smaller AD groups inside, or do we connect to each AD group specifically?

3. Is it better to leverage existing AD groups and tie Hub / Interact Roles to those groups, or create new AD groups and add users to those new groups?

Thanks all for your help and feedback.

------------------------------
Marshall Mclane
Automation Developer
Capital Group
America/Los_Angeles
------------------------------
3 REPLIES

AdrianWhite
Staff
Hi Marshall,

Thanks for your question. The answer, I am afraid, is that in this current implementation the users are brought in without the 'knowledge' of existing AD groups and structure. Each user, once imported into Hub / Interact, will need to be assigned to roles that you have set up. The user will need to be added to defined roles depending on whether you want them as a Hub user, Hub Administrator, Interact User or Interact Approver, along with any roles defined for specific Interact Forms. So even though this structure may be established in your AD, currently Hub doesn't have the concept to understand that.

All of this being said, there is development going on now which will improve this, but it is over the next few planned releases. The authentication solutions for Blue Prism and Identity Manager Server (IMS) are being integrated, so that users added in IMS / Hub can be seen within Blue Prism. Later this will add LDAP enhancements and Group Based SSO integration, which is more aligned to what you need.

Hope this answers your question.




------------------------------
Adrian White
Head of Product Consultancy
Blue Prism Ltd
------------------------------

Hi Adrian, 

Thanks for your response. Yeah, that's a bummer to hear about the limitations of the AD group and LDAP tool, but excited to see what changes occur in future releases. Speaking of roles in Hub and Interact, is it possible to have read-only roles for Hub and Interact? For example, in Prod could we have developers with read-only access to Hub Business Processes and Hub Interact Form Builder? As of now it seems like the access is all or nothing. For now, when creating roles it's either full access to a form or plugin or no access at all. Is that something on the roadmap to change?

Thanks for your quick response.

------------------------------
Marshall Mclane
Automation Developer
Capital Group
America/Los_Angeles
------------------------------

JoaoMolina
Level 4
I just want to say this is now our main problem to scale up Interact within our organization. I hope this gets fixed in the next version. We were ready to deploy a nice form to our customer care team (about 100 persons) and we stopped it when we realized we would have to assign each member 1 by 1. Doing it once is ok, but maintaining something like that is just not an option. It's just not scalable.

------------------------------
Joao Molina
Intelligent Automation CoE leader
Millennium BCP
Europe/London
------------------------------