Audience: (ClassLink Administrator)
- All Destinations
- Active Directory
Certain destination mappings, marked as "Unique", must be unique for each individual user. These include the following fields:
- Active Directory: sAMAccountName, userPrincipalName
- GSuite: primaryEmail
- Azure: userPrincipalName
If multiple users might have identical mappings for these fields, you can provide username generation rules that will map alternate values for those fields in case of conflicts. You can navigate to this module by clicking the button next to the desired mapping. To change the priority of any alternate mapping, you can click the up and down arrows. The "Default" mapping is highest priority. The "1st" alternate is next highest priority, and so on.
To prevent subsequent syncs from overwriting previously exported data of a specific mapping, you can click the arrows between OneSync and destination mappings to set override settings for that specific mapping. Current settings include: "always map" and "only map when adding user". These settings can be applied to default mappings and custom mappings. In addition, toggles with the same functionality are available for enabling or disabling overrides for user account controls in Active Directory destinations.
To map to a custom attribute or property in a destination, you can first set your own attribute the Default Mappings tab of a destination, above the destination fields. This attribute will then appear in mappings in the Default Mappings and Custom Mappings dropdowns.
For more information on GSuite custom attributes. click here.
User Account Controls
OneSync provides additional mappings and options for Active Directory destinations, including User Account Controls and Password Policies. These controls can be set in Default mappings, Custom mappings, and Events & Actions.
Note: If you set any password policies, you will be required to map a password in default mappings.
Dynamic Mapping Variables
In an Active Directory destination, you can create mappings for sAMAccountName and userPassword and then use these mappings in other mappings using the $ symbol. This includes default mappings, custom mappings, groups, and events & actions. In the example below, sAMAccountName is mapped using the givenName and surname fields, and then the userPrincipalName is mapped using sAMAccountName. The variables' most practical application, outside of default mappings, are in email events which detail an account's creation with the set password.
Advanced AD Fields
You can choose to display or hide more obscure, advanced AD fields in default and custom mappings. Simply click the toggle in the upper right hand corner of both tabs.
Active Directory/GSuite Password Synchronization
OneSync does not currently offer the ability to sync passwords from Active Directory to GSuite. However, Google offers a tool to sync passwords which can be found here.
Google Cloud Directory Sync (GCDS)
Google offers a tool to sync your Active Directory and GSuite accounts. Click here for more information.
Updated: Jan 2019