The group administration of the Cortado Server integrates seamlessly into the Active Directory (AD). The aim is to provide uniform management of AD groups, reduce the administration load, and thereby also ensure a clear overview. Thanks to Active Directory integration, all existing user rights on the corporate network, including those for remote access, are carried over via Cortado Server. To enable user groups from Active Directory (AD) quick and easy access to Cortado Server, it is recommended to create group templates. Any AD group can be assigned directly to a template.
Thereby, potential conflicts due to classification of hierarchies of templates are avoided. Regardless of this, specific rights can still be assigned to individual users – as well, changes can be made to the templates, for new users only, or for all existing users.
Default User Template
- Select Control Panel→ Group Templates in the Management Console (arrow in illus.).
Here you can find the Default User Template. This template is for all users for whom no group template has been set up. If a user is imported who is not in any AD group (for which a template already exists), then the Default User Template will be applied to him.lied to him.
Setup group template
If you want to assign different printers or settings to the various user groups (AD groups), you can create a dedicated group template for each group. It doesn’t matter if it’s dealing with Cortado Server’s Active Directory or another; the only condition is that with several Active Directories a two-way trust must have been set up.
- To add a template, click on the plus icon in the Management console under Control Panel→ Group Templates and then on Active Directory.
- Select the respective Active Directories and then Groups.
- Select the AD groups for which you want to set up the templates and click first on a Import and then Close.
Then the new templates will be displayed in the left column.
Note! If a group template is created for an AD group, the members of this AD group are automatically imported into the Cortado server the first time they log in to the User Self Service Portal via the browsers of their mobile devices (see the article User import via group template). In the process, the template properties are assigned to the users.
Set priority of group template
If a user is a member of multiple AD groups, the valid template for him will be the one closest to the top in the tree structure. You can change the position of a template with the option Set Priority. Enter a 1 here to move the template into first position (after the Default User Template). With the options Priority Up and Priority Down you can move a template in single steps higher or lower.
Retroactive group template rollout
Note! If you set up a template for an AD group for which the users have already been imported into the user management, then the new template will only apply to those users imported after this time.
- If you want this template to apply also to all previously imported users, use the Rollout option (left arrow in illus.).
- If, on the other hand, you would only like to add a new aspect to the template (e. g. changes to the settings, printers or the network drives), use the Rollout button on the right side (right arrow in illus.).
If, for example, a new printer is added to a group template, highlight the printer (left arrow in illus.) and then select the Rollout option (right arrow in illus). This allows a saving on data volume. If no printer is selected, all printers (regardless whether newly added or pre-existing) will be rolled out.
Changing the template
User management (under Control Panel→ Users) displays which group template is currently enabled for which user (left column in illus.).
- If users are not in any AD group (for which a template exists), then the Default User Template was applied when they were imported.
- When these (already imported) users first enter an AD group (for which a template already exists), they are assigned the properties of the relevant template – the next time they sign in to either Cortado app, the Workplace app, the web app or the User Self Service Portal.
- If users switch to an AD group (for which a template exists), even though they were previously members of another such group, they will be assigned the properties of the new template – effective when they next sign in to either Cortado app, the Workplace app, the web app or the User Self Service Portal.
- If users join an additional AD group (for which a template exists), even though they were already members of such a group, they receive the properties of the higher prioritized template – effective when they next sign in to either Cortado app, the Workplace app, the web app or the User Self Service Portal.
- If users leave an AD group or if the respective template is deleted in group management, they receive the properties of the highest prioritized remaining template – effective when they next sign in to either Cortado app, the Workplace app, the web app or the User Self Service Portal.
- When users leave their last AD group – and so are no longer members of any group for which a template exists, then their access will be disabled. You can run a targeted search for disabled users here, by entering the search term disabled: and the user name or string in the text box at the bottom left. This way, you will get a list of all users which are currently disabled and have the inserted string in their names.