# LDAP for End Users

> There are two ways of giving end users access to the **UiPath Process Mining** platform:

## Introduction

There are two ways of giving end users access to the **UiPath Process Mining** platform:

* Manually define users in **End-user administration** which you can open from the **Releases** tab of the **Superadmin** page.
* Setting up LDAP (AD) synchronization.
  :::important
  With LDAP synchronization users will be added or updated in the list of users in **End-User Administration**.
  :::

This page describes how to set up LDAP to give end user access to **UiPath Process Mining**.

## Prerequisite

The standard Microsoft service package `Active Directory Domain Services` must be installed on the **UiPath Process Mining** server. Follow these steps to verify whether the `Active Directory Domain Services` service package is correctly installed.

| Step | Action |
| --- | --- |
| 1 | Open a Windows Command Prompt. |
| 2 | Enter the command `dsget` and press **Enter**. |

If the `dsget` help text is displayed at the command prompt, the `Active Directory Domain Services` service package is working properly.

## Step 1: Preparation

Copy the following files to the `builds` folder of your **UiPath Process Mining** installation folder:

* `Config.json`,
* `Syncad.js`,
* `Syncad.bat`.
  :::note
  You can create the files yourself from the code samples in the corresponding sections below.
  :::

## Step 2: Configure LDAP Settings

Go to the **Settings** tab of the **Superadmin** page of your **UiPath Process Mining** installation and add the required LDAP settings in the `ldap` setting of the **Server Settings**.

See [Set up LDAP](https://docs.uipath.com/process-mining/standalone/2021.10/user-guide/set-up-ldap#configure-ldap-settings).

## Step 3: Enable External Authentication

To enable end users to login via Active Directory you must specify the `ExternalAuthentication` setting in the `ApplicationSettings.json` file.

Follow these steps to adapt the `ApplicationSettings.json` file.

| Step | Action |
| --- | --- |
| 1 | Go to the **Superadmin Workspaces** tab. |
| 2 | Click on the **Workspaces** menu icon. |
| 3 | Select **Application settings...**. |
| 4 | Enter the following line:  `"ExternalAuthentication": "adlogin"` |
| 6 | Click on **OK** to save the changes and to close the `ApplicationSettings.json` file. |

### Global Settings

:::note
It is recommended to use the `OverrideApplicationSettings` setting in the **Server Settings** to make the `ExternalAuthentication` setting applicable to the entire **UiPath Process Mining** installation. In this case, you do not need to specify the setting in **Application Settings**.
:::

Follow these steps to set the `OverrideApplicationSettings` setting in the **Server Settings**.

| Step | Action |
| --- | --- |
| 1 | Go to the **Superadmin Settings** tab. |
| 2 | Enter the following lines:  `"OverrideApplicationSettings": {"ExternalAuthentication": "adlogin"}` |
| 3 | Click on **SAVE**. |
| 4 | Press F5 to refresh the **Superadmin**page. |

## Step 4: Adapt Config.json

Make sure the `Config.json` file contains an entry for each Active Directory (AD) group – Application combination. It should contain the following properties:

| Property | Description |
| --- | --- |
| `ADgroup` | The **Full Name** of Active Directory Group of users that are allowed to login. This looks like `"CN=All Users,OU=Distribution Groups,DC=Company,DC=com"`. |
| `appcode` | The **Application code** of the app or module to which the AD group needs to get access to. |

:::important
AD groups are case-sensitive.
:::

For more information on how to find the Application code see [FAQ: Application code](https://docs.uipath.com/process-mining/standalone/2021.10/user-guide/pm-frequently-asked-questions#faqs).

## Step 5: Adapt Syncad.js

In the syncad.js file, change the following line to match your settings for the LDAP connection to the Active Directory.

`const loginString = ["-s","SERVER ADDRESS","-u","AD USER","-p","AD PASSWORD"];`

## Step 6: Schedule a Task for the Synchronization

Since end-users may have different access rights and these access rights also might be changed, it is recommended to do the synchronization on a regular basis to bring the local authentication database up-to-date. You can use Windows Task Scheduler to schedule a task that runs the `syncad.bat` for user synchronization.

## Troubleshooting

### Making Fields Editable in End-User Administration

By default the fields in **End-User Administration** are not editable when using LDAP synchronization.

You can use the `fieldsAlwaysEditable` setting in the `ApplicationSettings .json` file to specify which fields in **End user administration** are editable.

Follow these steps to open the `ApplicationSettings.json` file.

The **Edit File** dialog is opened and displays the current contents of the `ApplicationSettings.json` file.

:::note
Click on **?** in the **Edit File** dialog to open the **Applicationsettings.json help**. Type `fieldsAlwaysEditable` in the Search bar for a detailed description on the `fieldsAlwaysEditable` setting.
:::
:::note
It is recommended to use the `OverrideApplicationSettings` setting in the **Server Settings** to make the `fieldsAlwaysEditable` setting applicable to the entire **UiPath Process Mining** installation. In this case, you do not need to specify the setting in **Application Settings**.
:::

## Code Samples

### Config.json

Below is a template `Config.json` file.

```
[
    {
    "ADgroup" : "CN=AdTestGroup,OU=Users,OU=MyBusiness,DC=Magnaview,DC=local",
    "appcode" : "p"
    },
    {
    "ADgroup" : "CN=AdTestGroup,OU=Users,OU=MyBusiness,DC=Magnaview,DC=local",
    "appcode" : "p2"
    }
]
```

You can copy this code sample to a new empty file and adapt it with our own data.

### Syncad.js

Click on the link to open a template `Syncad.js` file: [Syncad.js](https://documentationpicturerepo.blob.core.windows.net/files/Process_Mining/Syncad.js). You can copy this code to a create the file.

:::important
If you leave out arguments in the `Syncad.js` script, e.g. `active : 1`, these attributes will not be synchronized.
:::

### Syncad.bat

Below is a template `Syncad.bat` file. You can copy this code to a create the file.

```
call processgold.bat -nodejs syncad.js orgCode= config=config.json
pause
```