- changed status to open
Advanced Default AD group Options
Issue #388
resolved
When using the AD group functionality to link user authentication, it would be nice if the user's presence or absence of a group dictated the QATrack group they would be in.
I.e. if User was in Agency_therapy, that would map to granting the user QATrack\Therapist rights.
I'm not sure if this would be the functional way to get this to work but I see this as a mapping table replacing the 'default group' value that maps a site's AD groups to QATrack groups. I would even be open to being forced to rename the QATrack groups to match their respective AD groups.
This would help significantly with onboarding and offboarding staff.
Comments (2)
-
-
- changed status to resolved
I plan on making all of the AD functionality editable through the admin at some point, but for now I’ve implemented a new setting:
"""AD_GROUP_MAP is a map from AD Group names to QATrack+ group names in form of e.g. {'Your Hospital - Physics': "Physics"}. When a user logs in to QATrack+, their AD groups will be checked and they will automatically be added to the corresponding QATrack+ group based on this map.""" AD_GROUP_MAP = {}
Note this is currently additive only. A user won’t have QATrack+ groups removed if they are no longer part of the corresponding group in AD.
- Log in to comment
A model like:
could be created. When a new user is created in QATrack+ it could iterate over the AD group memberships and automatically populate the users groups based on this mapping table.