Configure User Sync with MI Console

Beginning v7.0.2 LDAP user sync can be configured via MI Console, offering the same logic with a simpler, CLI-free setup.

Table of contents:

  1. Create New LDAP Sync Method
  2. Provide Configuration Details
  3. Provide Additional Options
  4. Configure LDAP Sync Schedule
  5. Preview Command
  6. View Created LDAP Sync Method

1. Create New LDAP Sync Method

Access MI Console > Configuration > User Sync

  1. [+New LDAP Sync Method]

2. Provide Configuration Details

  1. Enter a descriptive Name
  2. Provide the required parameters:
    • LDAP_HOST: The LDAP URI to connect to. Supported protocols: ldap, ldaps, ldapi.
      • Example: ldap://ldap.example.com.
    • LDAP_PASS: Bind password for LDAP directories that require authentication. Leave it empty to be prompted.
      • NOTE: The --ldap-user option is required.
    • LDAP_USER: The LDAP DN for the bind user to use if the LDAP directory requires authentication.
    • BASE_DN: The base DN to search for groups that match the specified --filter.
    • Group_DNs: Group DNs to sync with.
      • See also --filter / --base-dn.
  3. Provide the optional parameters:
Name Description
Be verbose Be verbose.
Display details
 Display detailed info about every affected user and group in the summary.
Force
 Force the update of related objects.
Dry run
 Dry run. Implies -v
Skip Default Group
 Skip adding synced users to the Default Group.
More Options Prompts to provide additional LDAP sync options.
User Type The type of Metric Insights users that will be created, or synchronized if the --force option is used.
Auto Create If specified without a value or with the 'all' key, automatically create an MI group for the group DN if it does not already exist. If specified with the 'groups' key, new groups will be automatically created, but only existing users will be updated. If not specified, only users in existing groups will be created and updated.
Filter An LDAP filter to search the base DN for groups to sync. Requires the --base-dn parameter.
MEMBER_ATTR
 The field name that stores information about group members.
USERNAME_ATTR
 The attribute name whose value will be used as the username.
FIRST_NAME_ATTR
 The attribute name whose value will be used as the user's first name.
LAST_NAME_ATTR
 The attribute name whose value will be used as the user's last name.
EMAIL_ATTR
 The attribute name whose value will be used as the user's email address.
  1. Click [Next: Schedule] to configure LDAP schedule, or [Next: More Options],to provide additional LDAP sync options if More Options was enabled.

3. Provide Additional Options

  1. [+Add Option]
  2. Select the option from the list
    • NOTE: Hover over the info icon to see the description of the option
  3. Provide a Value or enable the option
  4. [Next: Schedule]

4. Configure LDAP Sync Schedule

  1. Set Frequency: choose certain days of the week or of the month
  2. Set the desired sync time
  3. Optionally, if certain days of week have been selected, set the repeat frequency for LDAP sync
  4. [Next: Command Preview]

5. Preview Command

  1. Preview the LDAP sync command, then [Finish]

6. View Created LDAP Sync Method

You can run, edit, or delete the created LDAP Sync Method directly from the grid. Logs for completed LDAP Sync Methods can be downloaded from LDAP Sync History grid.