Platform Groups Sync
When Secret Server is integrated with Delinea Platform, Platform groups can be synchronized to Secret Server. These groups can be used to assign permissions, roles, and sharing just like any other group type.
Overview
Platform groups are managed in Delinea Platform and synchronized automatically to Secret Server. Unlike local groups, you cannot manually manage membership for Platform groups in Secret Server - membership is controlled entirely in Delinea Platform.
Platform groups appear in Secret Server group lists and can be used throughout Secret Server to:
- Assign permissions to secrets and folders
- Assign roles
- Share secrets with groups
- Control access to Secret Server features
Accessing Platform Groups Sync
Search for Platform groups sync to manage Platform group synchronization.
The Platform groups sync page contains four tabs:
- Configuration: Configure platform integration settings. The Configuration tab displays platform integration settings including:
  - Connection endpoints - URLs that Secret Server uses to communicate with Platform (Reply URL, Login URL, Logout URL).
  - Authentication credentials - Client ID and Client Secret used to authenticate Secret Server with Platform.
  - Synchronization interval - How frequently Platform groups are automatically synchronized to Secret Server (configured in days and hours).
  - Integration options - Additional features such as audit integration (forwards Secret Server audit events to Platform) and inventory forwarding (sends discovery data to Platform Inventory).
- Groups: View and manage synchronized Platform groups. The Groups tab displays:
  - Last sync finished - Timestamp of last synchronization.
  - Enabled platform groups - List of synchronized Platform groups.
  - Filter groups - Search box to filter groups. These groups can be used to assign permissions, roles, and sharing throughout Secret Server.
- Synchronization logs: View synchronization history with the exact synchronization time and message. Use the search box and the Date time range filter to find the related events.
- Audit: View audit logs for integration changes by date, user, action, and notes.
User Mapping
The User mapping dropdown button at the top right provides access to the primary user mapping features. To map Platform users, click User mapping, and select from the dropdown:
- Map a Platform user: Manually map a Platform user to a Secret Server user (see below).
- Reset user mappings: Clear all existing user mappings (see below).
Manually Mapping a Platform User
Use manual mapping when automatic mapping cannot find a match between Platform and Secret Server users. The user mapping process will restore a missing connection between a Platform user and a Secret Server user.
To map a Platform user:
1. Click User mapping > Map a Platform user
2. A 3-step Map a Platform user wizard opens:
   - Step 1: Next to Secret Server user click on the No Secret Server user selected link.
     Select a Secret Server user. This user will be mapped to the Platform user you select in the next step.
     Click Next.
   - Step 2: Select a Platform user. The Platform user selected in this step will be linked to the Secret Server user selected in the previous step.
     Next to Platform user click on the No Platform user selected link, and select a Platform user from the list.
     The list displays available Platform users with their mapping status. Users already mapped show a "Mapped" badge in the State column.
     Select the Platform user to map to the Secret Server user, and click Next.
   - Step 3: Confirm and map users
     Review the mapping and complete the wizard.
The mapping is created immediately and will be used in the next synchronization.
Resetting User Mappings
Use reset when group synchronization is removing users from groups or you receive mapping errors.
To reset user mappings:
1. Click User mapping > Reset user mappings.
2. In the Reset user mappings popup, confirm the action.
Warning: This clears all existing user mappings. Users will need to log in to Platform again to recreate automatic mappings.
Using Platform Groups in Secret Server
Once Platform groups are synchronized, they work like any other group in Secret Server:
- Assigning Permissions - you can assign Platform groups to secrets and folders with View, Edit, or Owner permissions.
- Assigning Roles - you can assign Platform groups to roles to grant permissions to all group members.
- Sharing Secrets - you can share secrets with Platform groups.
- Group Membership - membership is read-only in Secret Server. To add or remove users, make changes in Platform and wait for synchronization to run.
Synchronizing Groups
Platform groups synchronize automatically based on the interval configured on the Configuration tab (default: every 1 hour).
To manually trigger synchronization:
1. Search for the Groups tab.
2. Click the Sync now button.
Synchronization updates group memberships, user mappings, and group metadata.
Editing Enabled Groups
To modify which Platform groups are synchronized:
1. On the Groups tab, click Edit.
2. Each group displays a Remove link.
3. Click Remove next to the related group to stop synchronizing.
4. Save the changes.
Note: Removing a group from synchronization does not delete the group from Secret Server - it only stops future synchronization of that group's membership.