LDAP for End Users
Introduction
There are two ways of giving end users access to the UiPath Process Mining platform:
- Manually define users in End-user administration which you can open from the Releases tab of the Superadmin page.
- Setting up LDAP (AD) synchronization.
important
With LDAP synchronization users will be added or updated in the list of users in End-User Administration.
This page describes how to set up LDAP to give end user access to UiPath Process Mining.
Prerequisite
The standard Microsoft service package Active Directory Domain Services must be installed on the UiPath Process Mining server. Follow these steps to verify whether the Active Directory Domain Services service package is correctly installed.
| Step | Action |
|---|---|
| 1 | Open a Windows Command Prompt. |
| 2 | Enter the command dsget and press Enter. |
If the dsget help text is displayed at the command prompt, the Active Directory Domain Services service package is working properly.
Step 1: Preparation
Copy the following files to the builds folder of your UiPath Process Mining installation folder:
Config.json,Syncad.js,Syncad.bat.noteYou can create the files yourself from the code samples in the corresponding sections below.
Step 2: Configure LDAP Settings
Go to the Settings tab of the Superadmin page of your UiPath Process Mining installation and add the required LDAP settings in the ldap setting of the Server Settings.
See Set up LDAP.
Step 3: Enable External Authentication
To enable end users to login via Active Directory you must specify the ExternalAuthentication setting in the ApplicationSettings.json file.
Follow these steps to adapt the ApplicationSettings.json file.
| Step | Action |
|---|---|
| 1 | Go to the Superadmin Workspaces tab. |
| 2 | Click on the Workspaces menu icon. |
| 3 | Select Application settings.... |
| 4 | Enter the following line: "ExternalAuthentication": "adlogin" |
| 6 | Click on OK to save the changes and to close the ApplicationSettings.json file. |
Global Settings
It is recommended to use the OverrideApplicationSettings setting in the Server Settings to make the ExternalAuthentication setting applicable to the entire UiPath Process Mining installation. In this case, you do not need to specify the setting in Application Settings.
Follow these steps to set the OverrideApplicationSettings setting in the Server Settings.
| Step | Action |
|---|---|
| 1 | Go to the Superadmin Settings tab. |
| 2 | Enter the following lines: "OverrideApplicationSettings": {"ExternalAuthentication": "adlogin"} |
| 3 | Click on SAVE. |
| 4 | Press F5 to refresh the Superadminpage. |
Step 4: Adapt Config.json
Make sure the Config.json file contains an entry for each Active Directory (AD) group – Application combination. It should contain the following properties:
| Property | Description |
|---|---|
ADgroup | The Full Name of Active Directory Group of users that are allowed to login. This looks like "CN=All Users,OU=Distribution Groups,DC=Company,DC=com". |
appcode | The Application code of the app or module to which the AD group needs to get access to. |
AD groups are case-sensitive.
For more information on how to find the Application code see FAQ: Application code.
Step 5: Adapt Syncad.js
In the syncad.js file, change the following line to match your settings for the LDAP connection to the Active Directory.
const loginString = ["-s","SERVER ADDRESS","-u","AD USER","-p","AD PASSWORD"];
Step 6: Schedule a Task for the Synchronization
Since end-users may have different access rights and these access rights also might be changed, it is recommended to do the synchronization on a regular basis to bring the local authentication database up-to-date. You can use Windows Task Scheduler to schedule a task that runs the syncad.bat for user synchronization.
Troubleshooting
Making Fields Editable in End-User Administration
By default the fields in End-User Administration are not editable when using LDAP synchronization.
You can use the fieldsAlwaysEditable setting in the ApplicationSettings .json file to specify which fields in End user administration are editable.
Follow these steps to open the ApplicationSettings.json file.
The Edit File dialog is opened and displays the current contents of the ApplicationSettings.json file.
Click on ? in the Edit File dialog to open the Applicationsettings.json help. Type fieldsAlwaysEditable in the Search bar for a detailed description on the fieldsAlwaysEditable setting.
It is recommended to use the OverrideApplicationSettings setting in the Server Settings to make the fieldsAlwaysEditable setting applicable to the entire UiPath Process Mining installation. In this case, you do not need to specify the setting in Application Settings.
Code Samples
Config.json
Below is a template Config.json file.
[
{
"ADgroup" : "CN=AdTestGroup,OU=Users,OU=MyBusiness,DC=Magnaview,DC=local",
"appcode" : "p"
},
{
"ADgroup" : "CN=AdTestGroup,OU=Users,OU=MyBusiness,DC=Magnaview,DC=local",
"appcode" : "p2"
}
]
You can copy this code sample to a new empty file and adapt it with our own data.
Syncad.js
Click on the link to open a template Syncad.js file: Syncad.js. You can copy this code to a create the file.
If you leave out arguments in the Syncad.js script, e.g. active : 1, these attributes will not be synchronized.
Syncad.bat
Below is a template Syncad.bat file. You can copy this code to a create the file.
call processgold.bat -nodejs syncad.js orgCode= config=config.json
pause