LDAP/AD Sync to Workfront

Integrations Catalog

Contact us for more information

LDAP/AD Sync to Workfront

Features | The Problem

Is your Workfront instance connected to your LDAP/AD system in order to ease the login process for your users? If yes, read on.

The way the current SSO setup in Workfront works is that it automatically logs in the user if they have authorized to the network which is great as the user doesn’t have to remember another username and password; the user creation in WF is simplified as you can set Workfront attributes to map to the LDAP/AD attributes.

What doesn’t happen is that when a user leaves the company and is deactivated in LDAP/AD, they do not get deactivated in Workfront resulting in licenses that are assigned but not in use. Since the user stays active in the system, the user shows up available for assignments to tasks and projects creating a scenario that no one wants to be in.

The Access Management Utility from Aurotech lets you automate user management within Workfront and keeps your Workfront instance in sync with AD/LDAP. The utility also helps in the maintenance of the organizational structure within Workfront.

The outcome is that you free up your licenses without having to spend time doing license management, ensuring no work is routed to users no longer working in the organization and you don’t have to spend manual effort to maintain your organization’s chart within Workfront.

Integration Features

  • Automated deactivation of users
  • Ability to maintain manager relationships as exists in AD/LDAP
  • Sends notifications to project managers if a user is being deactivated when there are incomplete tasks
  • One-time setup to keep systems in sync going forward
  • Locally hosted to keep transactions within your environment
  • Ability to update other user-level fields and custom fields in Workfront from LDAP

The Problem

The Solution
The native SSO setup doesn’t allow for deactivation of user from LDAP or AD – native deactivation only occurs on login attempt, which is rarely done after the termination of employment or change in role resulting in licenses being tied up to users that no longer work in the organization.

Use Aurotech’s Access Management utility to setup read-only access to LDAP or AD and automate the deactivation of users in Workfront when they have been deactivated in LDAP/AD. The query is based on SSO username ensuring the correct profile gets deactivated.

The benefit is that the user is no longer available for assignments and thus no one can assign work even when they don’t know that the user is no longer with the organization.

When users are deactivated in Workfront, there is no way to notify project managers that they need to update their task assignments resulting in possible unfinished work.

Access Management utility can be configured to send emails to project managers of those projects where incomplete tasks exist assigned to the deactivated user, informing them about the deactivation so that they can update the impacted tasks with new resource assignments.

Thus you will never have work assigned to users who have left the organization.

The only way to manage an organizational structure within Workfront is manual and cumbersome when used

Access Management utility can be configured to maintain the direct reports/reports to relationship in Workfront as it exists in LDAP/AD.

So if you have not been using the Organization feature at user level in Workfront due to the complexity involved in maintaining it – now you can use it and enjoy the benefits of this feature.