Syncing Liberty Create Group Membership with Active Directory Group Membership

We have a CHCentral host, with several linked hosts running a variety of case management applications.

Rather than having to manually add/remove users from groups, we’d like to be able to set-up rules to automate this based on the user being members of specific AD groups.

We already have SSO configured with our AD, and we’re pulling across the users email address, forename and surname.

I’ve now tried to expand this to bring across the users AD groups. In the detaisl tab on my SSO provider config, I can see an available claim for groups…

image1771×121 17.1 KB

I’ve updated the attribute mapping to capture this data when a user logs in…

image1789×406 44.3 KB

I’ve set-up a 1-to-many relationship between my Users object, and a newly created “AD Groups” Object. Groups is just a Text single line field.

When I log out/in it doesn’t bring across the AD groups, and the Detective doesn’t display any errors/messages.

Is what we’re trying to do possible, and if so, any ideas where I’m going wrong here?

Hi @camsd047

Apologies for the late reply. Thank you so much for your query!

My advice would be for you to raise a build advice support ticket with our support team by emailing them at support@netcall.com or you can log a ticket directly via the Support Portal

Someone will be able to have a look at this, and provide appropriate support.

If you have any other queries please do not hesitate to contact us here at the community.

Thank you,

Lisa V

Hi, we do this, but we save the AD groups in a long text field in the user object upon SSO login. We then use subsets to check for membership, and rules to apply the correct groups and roles. We also have an event action to remove the group rels if the person is taken out of the an AD group. If you get stuck I’m happy to jump on a call.