Directory - Groups (auto group membership via integrated login)

Last modified by adm_ea@helsinki_fi on 2024/02/07 06:53

If your organization is using integrated login, you may be able to use the auto-group membership feature.

If you are interested in using it, please contact iris@science-it.ch to make sure it will work properly. Once this is verified, follow the steps below.

  1. You must be the organization admin for your organization. Go to "Browse" -> "Organization" and select the admin icon for your organization. When the organization admin overlay opens, go to the "Settings" tab.
  2. Make sure "AD Integrated" is selected; if you are using integrated login, it should be.
  3. Select one of the following options and press update (the option will not take effect until you enable it on each group, so it is safe to change):
    1. Remove from group -> will add/remove user from group
    2. Set to pending (notify group/org admin) -> will add the user to the group, but if they do not match a group it will set it to pending and notify the group/org admin
    3. Disable -> will add the user to the group, but disable them if they do not match a group they are already in
    4. Ignore -> will take no action

      image2017-5-5 2:45:55.png

  4. When initially implementing, we recommend using "Set to pending", so that you are notified immediately if there are problems. If things are working after several days/weeks, then eventually set it to "Remove from group".
  5. We recommend testing with one group first: go to "Browse" -> "Groups", search for the group you want to change, select the admin icon, then go to "Settings".
  6. Go to the "AD integrated" setting, select "AD Integrated" and enter the group "DN" (this is the "Distinguished Name" of the group; you need to determine the correct value for your organization), as shown below:

    image2017-5-5 2:52:28.png

  7. Once that is activated, test whether it is working as expected.
  8. There can be cases where a user is not actually assigned to a group but you want them in the group in Open IRIS, or where there is a problem getting the group information for a particular user.
    In these cases you can use the "AD Override" feature for that user in the group admin overlay on the "Users" tab. For that particular user, tick the "AD Override" checkbox as shown below and select the save button:

    image2017-5-5 3:0:46.png

  9. To help with management, you can also search for the DN of a group under the "Groups" tab in "Browse"; the DN for the group appears in the "AD Group Name" column:

    image2017-5-5 3:15:24.png