Synchronize external user data

Synchronize external user data with user data already in the agency's database. To do this, add an Active Directory server to the Civic Platform security policies. When a user logs in and Civic Platform validates their credentials, Civic Platform compares the external user data with the existing user data on the Civic Platform server and updates the Civic Platform data as needed. Administrators can also add external users to the Civic Platform database if this feature is activated.

Additionally, administrators can either convert external users toCivic Platform users, or convert Civic Platform users to external users. For instructions, see Add and edit users.

An administrator user (ADMIN) and public users cannot be external users.

The Civic Platform user login procedure authenticates the user directly against the Civic Platform database. When an external user logs in, Accela sends the authentication request to the external source for validation. If the user passes the validation, Civic Platform compares the attributes of the external source and the Civic Platform database. If there are any changes in the external source, Civic Platform corrects the data in the Civic Platform database.

Because this procedure affects the Civic Platform database, it also affects all Accela products, including add-ons. This means that all external users who Civic Platform has validated using this process can log in to products such as Civic Platform, Accela Wireless, or Citizen Access.

  1. From the Administration menu, select Agency profile > External user policy.

  2. Complete the following fields:

    Field Action
    Additional directory entries Enter more organization units from which to retrieve user entries. Specify the DC and root of each organization unit. To enter multiple additional organization units, separate them by comma.
    Access user OU Enter the base organization unit to use for searches. Access User OU is the location within Active Directory where Civic Platform should search for users. The Active Directory administrator provides this information.
    Access user DC

    Enter the DC (domain component) of the parent entry of the access user entry. The Active Directory administrator provides this.

    Civic Platform accesses the LDAP server with the following user information: CN=<Access User Name>,<Access User OU>,<Access User DC>
    Provider port Enter the external user server’s IP port for LDAP access to Active Directory. This port number is usually 389.
    Access user name Enter the ID of the user who can access Active Directory when performing a search to add new integrated users. Enter the CN (common name) from the DN of the access user entry.
    Provider URL Enter the IP address of the external user server for the specified domain controller. For example, enter the LDAP server URL. You can use SSL LDAP with “ldaps://” URL.
    Access User Password Enter the password for the user ID that can access Active Directory.
    OU Filter Required. OU Filter defines the organization unit from which to filter users in the Access User DC and Additional Directory Entries from the LDAP server. If undefined, Civic Platform searches all the OUs in the Access User DC and the Additional Directory Entries. Specify multiple filters, separated by comma, joined by OR.
    Status To use Active Directory to synchronize the Civic Platform server, select Enable from the drop-down list; otherwise, select Disable.

  3. Select Save.

  1. From the user account menu , go to AdministrationUser profile > User.

  2. Select Add.

  3. Select External User.

  4. Select External User Search.

  5. Complete any of these fields:

    Field Action
    OU Search Root Enter the base organization unit to search.
    Common Name Enter the given, or first, name of the user to locate.
    Surname Enter the family, or last, name of the user to locate.

  6. Select Search.

  7. Select Select for the user to integrate from Active Directory.

    If specifying an Active Directory attribute (for example, Common Name) in the standard choice DEFAULT_USER_LOGIN_ID, Civic Platform uses the attribute value of the selected user to populate the User Login ID field. Otherwise, Civic Platform uses userPrincipalName of the selected user from Active Directory to populate the field.

  8. Do one of these:

    • Enter the department to associate the integrated user with.

    • Select the Department button to choose a department from a list and select Submit .

  9. In the User Group/Privilege section, select each module for the user to access.

  10. For each module selected, choose the user group (only one) for the user.

  11. Select Save.

Related Topics Link IconSee also