Skip to main content

Enable or disable synchronization of Active Directory groups

Snow License Manager includes the following predefined roles:

  • Administrators

  • License Administrators

  • Viewers

  • API users

To avoid that an Active Directory group with the same name as one of the predefined roles is unintentionally synchronized, with the result that all users assigned to the group are allowed access to Snow License Manager, automatic synchronization is disabled by default for groups with the same name as any of the predefined roles.

To enable synchronization for any of the excluded groups, or to disable synchronization for a group:

  1. On your Snow License Manager application server, open C:\Program Files\Snow Software\Snow License Manager\Web\web.config.

  2. Configure the following setting in the <appSettings> section:

        <add key="ADGroupsIntegrationExclusions" value="Administrators;License Administrators;Viewers;API Users" /> 
    • To enable synchronization for an excluded group, remove the name of the group from the setting.

    • To disable synchronization for a group, add the name of the group to the setting. Use semicolon (";") as a delimiter.

EXAMPLE

A user is assigned to an Active Directory security group called "Administrator". The user does not yet have a Snow License Manager account. When the user signs in to Snow License Manager for the first time using the Active Directory account credentials, a check is made against the list of names in the ADGroupsIntegrationExclusions field in the web.config file. Since “Administrator” is one of the names on the list, and since the user is not assigned to any other groups, a Snow License Manager account will not be created for the user.

EXAMPLE

The name “Development” is added to the list of names in the ADGroupsIntegrationExclusions field in the web.config file. “Development” is also a defined role in Snow License Manager.

A Snow License Manager user who belongs to the Active Directory security group “Development” is now removed from that group. When the user signs in to Snow License Manager the next time, the group “Development” is not included in the automatic synchronization and the role “Development” is not removed from the user.