Hi Team, 

 

We implemented the steps in this article https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/bpmonline-tutorial for the SSO of the users using AD Azure. We don't find any documentation about how to sync Groups AD > Roles Creatio. What needs to be done in that case?

 

Thanks,


Hello, 



SSO functionality in Creatio is not intended for syncing groups between AD and the application.

The only related functionality it has is to automatically add or refresh roles for a user based on the roles coming with the SAML assertion when JIT is enabled:

https://academy.creatio.com/docs/user/setup_and_administration/user_and_access_management/authentication/set_up_jit_provisioning/just-in-time_user_provisioning



As for syncing groups and users, we would recommend that you consider the possibility of using LDAP:

https://academy.creatio.com/docs/user/setup_and_administration/user_and_access_management/synchronize_users_with_ldap



Kind regards,

Roman


Hi,

I've configured Azure AD for my BPM. Another external application (web app) uses the same Azure AD. I am trying to figure out how to do this:

1) A user logged in (via Azure AD) on the external web app clicks a button which will send a request to BPM (to execute some process)

2) BPM should receive the request and somehow assign the executing process to the user currently logged in on the external web app

Do you know the way to do this? Maybe I should do something like this:

1) Create a technical user on BPM

2) Use this technical user's credentials to log in via BPM AuthService

3) Send a request to BPM (one of the sent parameters will be the username or email of the user currently logged in on the web app)

4) BPM can somehow assign this username/email to the executed process (how to do this?)

Maybe there is some better way to make it work? I saw that on BPM 7.13 there is some OAuth 2.0 integration -> https://academy.bpmonline.com/documents/technic-bpms/7-13/setting-oauth-20-application

Best regards,

Tomasz


Hello Tomasz,

The idea is to authorize your external web app to bpmonline using the user's credentials. More about authentication at the link:

https://academy.bpmonline.com/documents/technic-sdk/7-13/choosing-metho…

Afterwards, business processes will run under this user. Other ways to run a process under a certain user are not available due to security reasons.

One more way to implement this is to log in as a technical user, e.g. Supervisor, and include information about the target user in the request. After that, it's up to you how to process it in the business process.

Regards,

Alex
