Version: 7.0

Synchronization

info

Synchronization is available only in the Passwork Advanced license.

Passwork supports synchronization of security groups from external directories such as Active Directory, OpenLDAP, and others, with Passwork groups. This allows centralized management of resource access using an existing directory infrastructure.

The following domain types are supported for access management in Passwork:

  • Windows domains (based on Active Directory);
  • Linux domains (OpenLDAP, FreeIPA, ALD Pro, etc.).

The synchronization process includes the following stages:

  1. An LDAP query is performed based on the data specified on the Users tab. Passwork receives a list of users, each containing a memberOf array with information about membership in LDAP groups.
  2. An LDAP query is performed based on the data specified on the Groups tab. Passwork receives a list of LDAP groups.
  3. Based on the received data, Passwork forms a list of LDAP groups mapped to Passwork groups.
  4. The mapped Passwork groups are compared with the combined memberOf arrays of all users.
  5. In case of matches, Passwork assigns the corresponding groups to users.
  6. If the option Automatically create new users from mapped LDAP groups is enabled, Passwork checks whether each found user is registered. If not, the user is registered automatically.
  7. If the option Automatically deactivate users if they do not belong to any mapped LDAP group is enabled, Passwork checks whether the user remains a member of the corresponding LDAP groups. If not, the user is automatically deactivated.

info

You can use DN filters to retrieve nested groups or users. Nested objects will be displayed, but group restrictions or mappings will not apply to nested groups.
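
A dry-run model of the stages above, added here as an illustration and not Passwork's own code: it computes what one synchronization pass would assign, create and deactivate. It assumes memberOf lists only direct group membership and that DNs compare case-insensitively; the function names and all DNs, logins and group names are constructed.

```python
# Added illustration, not Passwork code. All DNs, logins and group names are constructed.
def norm(dn):
    """Assumed comparison rule: case-insensitive, spaces around commas ignored."""
    return ",".join(p.strip().lower() for p in dn.split(","))

def plan_sync(ldap_users, ldap_groups, mapping, registered,
              auto_create=False, auto_deactivate=False):
    """Return what one pass would change, without applying anything.

    ldap_users:  {login: [memberOf DNs]}          stage 1 (Users tab query)
    ldap_groups: [group DNs]                      stage 2 (Groups tab query)
    mapping:     {LDAP group DN: Passwork group}  stage 3
    registered:  {login: is_active}               existing Passwork accounts
    """
    found = {norm(dn) for dn in ldap_groups}
    mapped = {norm(dn): pw for dn, pw in mapping.items() if norm(dn) in found}
    plan = {"assign": {}, "create": [], "deactivate": []}
    for login, member_of in sorted(ldap_users.items()):
        # Stages 4-5: match each user's memberOf against the mapped LDAP groups
        groups = sorted({mapped[norm(dn)] for dn in member_of if norm(dn) in mapped})
        if groups:
            if login not in registered:
                if not auto_create:      # stage 6 option off: unknown user is skipped
                    continue
                plan["create"].append(login)
            plan["assign"][login] = groups
        elif auto_deactivate and registered.get(login):  # stage 7
            plan["deactivate"].append(login)
    return plan

BASE = "OU=Groups,DC=example,DC=test"
ADMINS, OPS = f"CN=PW-Admins,{BASE}", f"CN=PW-Ops,{BASE}"
CONTRACTORS = f"CN=Ops-Contractors,{BASE}"   # nested inside PW-Ops in the directory
GROUPS = [ADMINS, OPS, CONTRACTORS]
MAPPING = {ADMINS: "Administrators", OPS: "Operations"}
USERS = {
    "alice": [ADMINS, OPS],
    "bob": [OPS.lower()],      # same DN, different case
    "carol": [CONTRACTORS],    # reaches PW-Ops only through nesting
    "dave": [OPS],             # in a mapped group, no Passwork account yet
}
REGISTERED = {"alice": True, "bob": True, "carol": True}

def demo():
    return plan_sync(USERS, GROUPS, MAPPING, REGISTERED,
                     auto_create=True, auto_deactivate=True)

if __name__ == "__main__":
    print(demo())
```

In this model carol ends up in the deactivate list because her memberOf names only the nested group, which has no mapping. Comparing such a plan against the expected user list before enabling automatic deactivation shows which accounts depend on nested membership.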

To map Passwork groups to security groups, select a security group from the list and click the button on the right side of the list. In the window that opens, select groups and save the result.

info

To enable synchronization, you need to configure background tasks.

Synchronization settings

Synchronization settings allow you to:

  • Automatically deactivate users if they do not belong to LDAP groups mapped to Passwork groups.
  • Automatically register new users from LDAP groups.
  • Select the authorization type that will be assigned by default to users from LDAP.
  • Set the interval for LDAP synchronization.

Figure: Synchronization tab settings

Synchronization log

Passwork stores synchronization logs as part of the background task execution history. To view the synchronization log, click the Go to all logs button at the bottom of the Synchronization tab or select the LDAP Synchronization filter on the Tasks tab in the Background tasks section.

Figure: Synchronization execution history