dbeckner
Frequent contributor

AD Property Conditions for Visibility

Jump to solution

We are looking to restrict product access to certain users. Unfortunately these users do not belong to a specific security group so the next best thing that I see is to only include visibility based on a certain AD property. Currently under the AD Property dropdown there are only 3 options -- city, company, and office. Is it possible to add additional properties to this dropdown list or is this a fixed section?

0 Kudos
2 Solutions

Accepted Solutions
CharlesW
Flexera
Flexera

Re: AD Property Conditions for Visibility

Jump to solution

You should be able to add additional properties beyond he default by going to site management->Active Directory->Property Mapping.  You will see a list of AD properties, some of which may have been populated by a custom user sync (ADGUID for instance).. Anyways, if you want a property to be usable, then you would "edit" the property, and select "allow deployment" for the property.. Once you do this, the property should be selectable in your condition. The following screen capture illustrates:

propertyMapping.png

(Don't forget to select "update")

 

 

View solution in original post

CharlesW
Flexera
Flexera

Re: AD Property Conditions for Visibility

Jump to solution

It would have to come from the Active Directory User Discovery attributes that are in SCCM.. I'd expect that you could expand the user discovery attributes to get most things from AD.. If you are able to discover it, then you should be able to add the same into WD_User via a custom query...

View solution in original post

0 Kudos
8 Replies
CharlesW
Flexera
Flexera

Re: AD Property Conditions for Visibility

Jump to solution

You should be able to add additional properties beyond he default by going to site management->Active Directory->Property Mapping.  You will see a list of AD properties, some of which may have been populated by a custom user sync (ADGUID for instance).. Anyways, if you want a property to be usable, then you would "edit" the property, and select "allow deployment" for the property.. Once you do this, the property should be selectable in your condition. The following screen capture illustrates:

propertyMapping.png

(Don't forget to select "update")

 

 

View solution in original post

dbeckner
Frequent contributor

Re: AD Property Conditions for Visibility

Jump to solution

If the AD property does not exist in the SCCM DB is there a way to import properties directly from AD or is App Portal completely dependent on the user properties that SCCM exposes?

0 Kudos
CharlesW
Flexera
Flexera

Re: AD Property Conditions for Visibility

Jump to solution

It would have to come from the Active Directory User Discovery attributes that are in SCCM.. I'd expect that you could expand the user discovery attributes to get most things from AD.. If you are able to discover it, then you should be able to add the same into WD_User via a custom query...

View solution in original post

0 Kudos
dbeckner
Frequent contributor

Re: AD Property Conditions for Visibility

Jump to solution

Thanks @CharlesW this exactly what I'm looking for.

0 Kudos