For customers with on-premises Microsoft Active Directory as their Identity Provider, this section serves as a tutorial to setup the required synchronization of your end-users with the OutThink platform.
This process requires the use of Secure FTP (SFTP) client software and optionally additional third-party software to extract user data from your Active Directory on a regular basis.
Regular extraction of user details from Active Directory
You must first determine which users you wish to synchronize from your Active Directory with the OutThink platform. This may be your entire organisation, or just a subset of Organisational Units.
Using either Powershell, the capabilities of Active Directory, or a third-party tool (such as AD Manager Plus from ManageEngine), extract your user population to a CSV file.
This extraction should happen regularly to ensure that any changes to your user population is reflected in the OutThink platform. This may typically be every 24 or 48 hours, but can be more or less frequent if required.
The fields to extract are outlined below:
| Typical Active Directory User Attribute | Mandatory? |
|---|---|
| userPrincipalName | Yes |
| Yes | |
| givenName | Yes |
| sn | Yes |
| enabled | No |
| preferredLanguage | No |
| c | No |
| manager.emailAddress | No |
| jobTitle | No |
| department | No |
| division | No |
| employeeNumber | No |
In particular, note the following:
enabled – Determines whether the user is enabled (active) or disabled (inactive). Optional.
If provided as “false”, “514” or “66050”, then the user will be assumed to be disabled.
If provided as any other value, e.g. “true”, then the user will assume to be enabled.
preferredLanguage – The user’s native or preferred language. Optional.
If provided, this must be a combination of an ISO-639-1 Language Code (“639-1” column) and an ISO-3166-1 Alpha 2 Country Code (green or blue field in Decoding Table). Available language options:
| ar-AE | Arabic – UAE |
| cs-CZ | Czech |
| da-DK | Danish |
| de-DE | German |
| en-GB | English – UK |
| en-US | English – USA |
| es-MX | Spanish |
| fi-FI | Finnish |
| fr-FR | French |
| he-IL | Hebrew |
| hu-HU | Hungarian |
| it-IT | Italian |
| lt-LT | Lithuanian |
| nb-NO | Norwegian Bokmål |
| nl-NL | Dutch |
| pl-PL | Polish |
| pt-BR | Portuguese – Brazil |
| pt-PT | Portuguese – Portugal |
| ro-RO | Romanian |
| sk-SK | Slovak |
| sv-SE | Swedish |
| sw-KE | Swahili |
| tr-TR | Turkish |
| zh-Hans | Chinese (Simplified) |
c – The User’s country, typically where they reside or perform their work. Optional.
If provided, this must be an ISO 3166-1 “Alpha 2” Code, such as “GB”, “US” or “FR”.
manager.emailAddress – The email address of the user’s manager. Optional.
If feasible, the email address of the user’s manager should be extracted. If your organisation stores the email address of the user’s manager in a different attribute, use that instead.
employeeNumber – The user’s internal system identifier, typically associated with your Learning Management System. Optional.
For customers delivering training via a Learning Management System (LMS), it is important to be able to correlate learners in that system, with users in your Active Directory. If your LMS does not use the same user identifier as Active Directory, pass the LMS’s user identifier in this field.
The CSV file must have a header row with the attribute names given above.
Schedule sending the CSV file to the OutThink Platform, via SFTP
Every time the CSV file is generated (or regenerated), it should be passed securely to the OutThink platform. Upon receipt, the OutThink engines will process the file and automatically process any changes (additions, deletions and updates) required to ensure the users are correctly synchronized. This process may take up to an hour – therefore allow time between sending an updated file and seeing those user changes reflected in the OutThink Command Centre.
Where possible, please use the filename users.csv as the submitted file.
Submitting the file to the OutThink SFTP Servers should be automated using appropriate scheduling or workflow software.
Your OutThink Account Manager will securely provide the address of the SFTP Servers, together with a username and SSH key that you require to securely authenticate.
OutThink employs strict handling policies for all personal identifiable information either transmitted or stored. This includes requirements to ensure the data sent to OutThink is encrypted at all times, and is removed immediately upon processing. The user data is encrypted within the realms of your private customer tenancy, in your chosen geographic hosting region.
Was this helpful?
8 / 0