Samanage Users Role by AD Group Not Provisioning

Showing results for 
Search instead for 
Do you mean 
Reply
Participant II
Posts: 4
Registered: ‎01-29-2018
#1 of 5 1,248
Accepted Solution

Samanage Users Role by AD Group Not Provisioning

When I add the AD group to the Samanage Users Role, the user gets provisioned in Centrify, but it won't be provisioned in Samanage correctly, so the Samanage portal says "Unable to Launch Application - You do not have access to this application or the application has been removed." after the Centrify authentication. But if I add the individual AD user account to the same Role, the user gets provisioned both in Centrify and Samanage correctly. What causes this?

Centrify
Posts: 8
Registered: ‎10-06-2015
#2 of 5 1,230

Re: Samanage Users Role by AD Group Not Provisioning

Hello and welcome to Centrify Community!

 

When you say it won't be provisioned in Samanage correctly, can you elaborate? Are you seeing the user there, is it missing attributes, ...? This can be caused by different things. Replication issue in your AD, Centrify Connector not picking up the change (but the user won't be provisioned at all), ...

 

Looking forward to hearing back from you,

 

 

Andrea

Participant II
Posts: 4
Registered: ‎01-29-2018
#3 of 5 1,218

Re: Samanage Users Role by AD Group Not Provisioning

The attempted user will show up under Users in the Cetrify admin console, but it won't show up under Users in the Samanage admin console. Since it shows up in the Centrify admin console, I believe the AD connector is working fine. In fact, when I add this user to the Role members individually, it will show up under the Users in the Samanage admin co nsole as well, and they can proceed to the portal correctly. I hope this explains. Thanks.

Centrify
Posts: 8
Registered: ‎10-06-2015
#4 of 5 1,199

Re: Samanage Users Role by AD Group Not Provisioning

Thank you for the clarification!

 

I have opened up a Support case to further investigate this issue. You should have received an email from me.

 

We will be posting the resolution once we get this fixed.

 

 

Andrea

Centrify
Posts: 8
Registered: ‎10-06-2015
#5 of 5 1,153

Re: Samanage Users Role by AD Group Not Provisioning

After whitelisting the Domain Controllers that are on the same site, as the other ones had replication issues, and adding the Centrify Connector service account to the "Windows Authorization Access Group", the user was successfully provisionioned to Samanage.

 

For further information, please see following KB articles:

KB-5921: How to configure restricted or preferred domain controller lookups for the Centrify Cloud C...

KB-9454: Active Directory users no longer have access to assigned applications.