User Filtering Configuration

User filtering allows you to fine-tune the way Active Directory synchronization is performed.

The following filtering options are available:

• Role mapping for groups: map active directory users to MetaDefender Vault roles based on their groups

  • Auditor: users in groups specified in the list will be licensed as auditors

  • Global Supervisor: users in groups specified in the list will be licensed as global supervisors

  • Administrator: users in groups specified in the list will be licensed as administrators

  • Readonly Administrator: users in groups specified in the list will be licensed as readonly administrators

  • Helpdesk Administrator: users in groups specified in the list will be licensed as helpdesk administrators

• Include Organizational Units: any users or groups found in the included OUs will be licensed as users

• Exclude Organizational Units: any users or groups found in the excluded OUs will be ignored when licensing users

• Include Groups: any users or groups specified in the included groups will be licensed as users; please note that included groups will override excluded OUs

• Exclude Groups: any users or groups specified in the excluded groups will be ignored when licensing users; please note that excluded groups will override included OUs

It is possible that a user is part of two or more groups where the groups were mapped to different kind of MetaDefender Vault roles. As a user can only have one role assigned to it, the following order of precendence is applied:

1. Administrator
2. Readonly Administrator
3. Helpdesk Administrator
4. Auditor
5. Global Supervisor

For example Active Directory group A is mapped to the Administrator role while group B is mapped to the Auditor role. An active directory user who is member of both groups will have the assigned MetaDefender Vault role of Administrator.