I am using Aris Connect SR18 and have SSO working from our Active Directory Aris Groups.

My question is around maintenance of Users in Aris Connect when a User is REMOVED from the Aris AD Group (e.g. when they leave the Company). The User in Aris Connect STILL REMAINS and I have to MANUALLY go in and DELETE the specific User.

I may be missing something, but is there some way to "SYNC" from our Aris AD Group to Aris Connect to update the Users in Aris Connect rather than having to know specifically which Users need to be removed/deleted? If there is a way to perform this sync, can it be automated to say run "weekly" or "monthly"?

Also, if there is a way to perform this type of sync would Aris Connect Users that already exist, but are NOT actually part of the AD Aris Group STILL REMAIN?

Sorry, lots of questions in there, but hoping somebody in the Aris Community can help. I am just hoping that I don't have to regularly do a manual reconcile between Aris Connect Users and our Aris AD Group.

Many thanks in advance.

by Martin Schröder
Posted on Fri, 10/21/2022 - 18:22

Hello Michael,

if your UMC user groups were imported from your Active Directory the button "Synchronize with LDAP" above each UMC user group should work for you (cf. online doc SR18). Please check the UMC LDAP configuration because it also depends on search paths, filters and more behavioural settings.

And be careful to try it first in a test environment.

When synchronizing single users I had the unexpected effect that some were deleted from UMC only because they had moved to other departments, i.e. the OU= part of a distinguished name had changed. I assume that Aris always requests the full DN for comparison, not only the user id (common name, CN).

Another tool for LDAP synchronization is y-ldapsync.bat/.sh for a scheduled task on the server. But please verify the command line syntax first, because help contains obvious errors:

Synchronizes existing users with an LDAP system, the spelling is case sensitive.
* -au, --affectedUser
User name of affected user

affectedUser does not make sense for syncUsers, only for the command syncUser.

Regards, Martin
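
An added example (not from the thread and not ARIS code): the full-DN versus CN comparison described in the reply above, run on constructed data. The record layout, the sample names and the `stale_users` helper are assumptions; no ARIS or LDAP API is called.

```python
# Constructed sample data; record layout and names are assumptions,
# not the ARIS UMC schema. No ARIS or LDAP API is called.
GROUP_DNS = [
    "CN=asmith,OU=Finance,DC=example,DC=com",
    "CN=bjones,OU=Sales,DC=example,DC=com",
]
APP_USERS = [
    {"login": "asmith", "dn": "CN=asmith,OU=IT,DC=example,DC=com"},  # moved OU
    {"login": "bjones", "dn": "cn=bjones,ou=Sales,dc=example,dc=com"},
    {"login": "cleaver", "dn": "CN=cleaver,OU=Sales,DC=example,DC=com"},  # left
    {"login": "localadmin", "dn": None},  # local account, not from directory
]

def split_dn(dn):
    """Split a DN into RDNs, keeping backslash-escaped commas inside a value."""
    parts, cur, escaped = [], [], False
    for ch in dn:
        if ch == "," and not escaped:
            parts.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
        escaped = (ch == "\\" and not escaped)
    parts.append("".join(cur).strip())
    return parts

def cn_of(dn):
    """Lower-cased CN from the first RDN, or None if it is not a CN."""
    attr, _, value = split_dn(dn)[0].partition("=")
    return value.strip().lower() if attr.strip().lower() == "cn" else None

def stale_users(app_users, group_dns, key):
    """Directory-sourced logins with no matching group member.
    key="dn" compares whole DNs, key="cn" compares only the CN."""
    if key == "cn":
        norm = cn_of
    else:
        norm = lambda dn: ",".join(split_dn(dn)).lower()
    members = {norm(dn) for dn in group_dns}
    return sorted(u["login"] for u in app_users
                  if u["dn"] is not None and norm(u["dn"]) not in members)

if __name__ == "__main__":
    print("by DN:", stale_users(APP_USERS, GROUP_DNS, "dn"))
    print("by CN:", stale_users(APP_USERS, GROUP_DNS, "cn"))
```

A CN is only unique within its container, so a real reconcile is safer keyed on a directory attribute that survives moves and renames, such as Active Directory's objectGUID.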

by Michael Hubbard Author
Posted on Fri, 10/21/2022 - 21:25

In reply to by smarty

Thanks for the response Martin.

Unfortunately, I guess I neglected to state 1 important point. We are using SAML SSO to Aris 10 SR18 via our Active Directory. So there is no LDAP configuration in play here and I don't even see that "synchronize with LDAP" button in the UMC screen in Aris. Therefore, this solution won't work for me. Thanks again though for responding.

by Jon Klingaman
Posted on Fri, 02/23/2024 - 17:12

Long shot, but did you ever find a solution for what you are trying to do? Looking for the same information.

