Harvest User

When using Windows Authentication, you need to “harvest” users from the Active Directory or the Graph API interface.

Under Quick Access, select Security.

Select Users > Harvest User.

Active Directory

1. Select Active Directory harvester from the drop-down menu.

2. Enter domain of the Active Directory. (To find this on your computer, click Settings > System > About > Domain or Workgroup. Or simply type Domain in your Windows search bar and select this option.)

3. Enable secure LDAP if required. Remember to include the secure port (by default 636) in ‘Active directory domain’ section if using Secure LDAPS.

Use this format:

<domain>:<secure_LDAPS_port>

Note: LDAP is a protocol for accessing active directory information (users, groups, etc). Secure LDAP (also called LDAPS) uses Secure Socket Layer protocols and is used rarely.

4. Enter the path to the User Container if known. User container is the default location for new user accounts and groups created in the domain.

5. Enable Remove Users to remove previously harvested user records but which are no longer in the AD currently (for example ex-employees, contractors etc).

Click Harvest.

Graph API

Select Graph API harvester from the drop-down menu.

Enter Client and Tenant IDs and the application secret.

Enable Active Users to harvest only users whose accounts are enabled in the Azure active directory (now called Microsoft Entra ID).

Note: If a user is included in a sub domain within the Active Directory, Cadcorp SIS WebMap 9.1 will treat each one as a separate user. For example DOMAIN1\user1 and SUBDOMAIN1\user1 can have different map permissions, even though one exists in a sub domain of the other.

Remember

  • Once an initial set of groups and users has been created, new harvests or imports will not duplicate records from the previous import.
  • Assign ‘Administrator’ permissions to a user after harvesting. Without Admin privileges, WebMap can deny access to users when restarted.
  • Duplicated user or group names are not supported. The import will only add new records. It does not delete the currently saved security model (i.e. permissions are maintained between imports).