Telligent Enterprise roles can be added as group members
You can assign a role as a member, manager, or owner of a group. After the role is added as a member of a group, the group then appears in the membership list. This allows you to manage group membership via the role management of Telligent Enterprise.
The role can be added as any of the three group membership types. Members of that role can access the group with the proper privileges (member, manager, owner) once the role has been added to the group.
The role shows a default hub icon (or role avatar is one has been selected). Once you add the role, a message says, "The role has been added, but it may take up to 24 hours for large group permissions to be assigned." A group welcome email is sent to the new member(s).
LDAP groups can be added as group members
An LDAP group of users can be added as a member of the group. This replaces the LDAP group import functionality that previously existed in other releases, which could time out when you searched for a large existing active directory group on the group membership list. Instead of a one-time import, the membership of the Telligent Enterprise group and LDAP group is kept in sync.
The LDAP group is used as the master list. If the LDAP group is edited for membership after it's been added to a Telligent Enterprise group, the group membership in Telligent Enterprise will be kept in sync ever 24 hours by the CommunityServer.Components.LdapSyncJob task.
The directory group can be added as any of the three group membership types. Members of that directory group can access the group with the proper privileges (member, manager, owner) once the directory group is added. The directory group is listed in the membership list with the default hub icon next to it.
A message stating that the group has been added but it may take up to 24 hours for large group permissions to be assigned displays once the group is added. New group members receive a group welcome email as they are successfully added.
If the directory group is removed from the group membership, the effect will be immediate and the directory group members will no longer be members of the group.
A user can be added as part of the LDAP group and can also be added directly.
An LDAP group can be mapped to a Telligent Enterprise role
An LDAP group can be associated with a Telligent Enterprise role. This means that if the membership of the LDAP group is updated, the users are added or removed from that Telligent Enterprise role as appropriate. For example, you can link your domain admin group to the Telligent Enterprise Administrator role so that all domain admins are automatically made admins within Telligent Enterprise.
After you look up a directory group and save it as associated with a Telligent Enterprise role:
- A task will sync Telligent Enterprise to the LDAP directory group within 24 hours.
- Members are updated to have the role being associated with their account.
- If a user is not longer a member of the LDAP group, the mapped role is removed from the user.
- A 1:1 user mapping is maintained in that directory group and that role.
If the mapping is removed from the Enterprise role, every user who is a member of the formerly mapped LDAP group will be removed from the corresponding Enterprise role. This will occur regardless of how the user initially was added to the role, whether it was from LDAP mapping or the role was manually added by an administrator.
The source for the role is the directory group.
Membership can be managed through the RESTv2 API
Group membership can now be managed through the REST API. Members can be added, edited, or removed from groups. LDAP groups of users can also now be added, edited, or removed as group members. Finally, Telligent Enterprise roles can be mapped to group membership through the API. This makes it possible, for example, to manage group membership in a spreadsheet with the use of the SDK if you want to write the code to do that.