Troubleshooting Federated Group Mapping
Issue: Platform group sync overwrites Secret Server groups every four hours
Details:
- The Secret Server users are stripped of their group memberships.
- The administrator might receive the error message, "No internal user found for mapping the external user."
Customers affected: Secret Server customers who opted in to the Delinea Platform, with federated directory users on the platform and the following set up and working properly:
- Active Directory Synchronization
- The Delinea Connector
- Group Mapping
Resolution:
1. From the Platform interface, remove all federated users from the platform.
   a. Click Access from the left navigation menu, then click Users.
   b. Select the box next to a user from a federated directory.
   c. Click Delete at the top right of the page.
   d. Repeat steps b and c until all federated users are deleted.
2. Ensure that your federation providers have their user mapping option set to "Required" with the option to "Create local user if unable to map" enabled.
   a. Click Settings from the left navigation menu, then click Federation providers.
   b. Click the name of a federation provider.
   c. Next to Map federated user to existing directory user, select Required from the drop-down menu.
   d. Select Create local user if unable to map.
   e. Click Save.
3. From the Secret Server interface, reset user mappings.
The next time those federated users log on to the platform, they should experience no more group issues.