To setup Connect to AD, you will need:
- Connect to AD license
-
UKG Onboarding Service account
-
Active Directory account with valid permissions (provided by your internal IT department).
Entra account with valid permissions (provided by your internal IT department).
- Existing employees on UKG
After gathering the above, you may now start with the setup of Connect to AD.
After defining a new environment, you will need to setup the connections to both UKG and [target-system] .
All new environments are disabled by default. You must enable and schedule the environment before any employees are synchronized with [target-system] .
Do not enable an environment until you have reviewed the Link, Filter and Provision rules. Rules determine the behavior of Connect to AD, and if not configured correctly, it may result in unexpected results.
Setting up the Environment
Connect to AD will work with either a single domain or multiple domains that exist within a forest.
An environment can be set up to target the root of a domain or a container within the domain.
If you intend to target multiple domains within a forest, you will need to set up an environment for each domain.
Connect to AD will work with either single or multiple tenants.
Use cases
Connect to AD provides you with the flexibility to define the environments to meet complex use cases.
Here are some examples of what you can set up.
DC=example,DC=com
Create an environment to work with the test.net domain
DC=test,DC=net
Set a filter to work exclusively with active employees:
Employment.EmployeeStatusCode=="A"
Employment.EmployeeStatusCode=="Active"
Set a filter to work exclusively with terminated employees:
Employment.EmployeeStatusCode=="T"
Employment.EmployeeStatusCode=="Terminated"
CN=Users,DC=example,DC=com
Create an environment to work with the Sales Org Unit in the domain example.com:
OU=Sales,DC=example,DC=com
Create an environment to work with the Accounts org unit in the example.com domain:
OU=Accounts,DC=example,DC=com
Sync type
The Sync Type is used to determine which employees to include during the syncing process.
A full sync will process all UKG employees and will typically take longer to complete while a changes-only sync will only process recently changed UKG employees and will be completed in less time than a full sync.
We recommend that you initially use a full sync to get all your UKG employees in sync with their matching Active Directory users and then later switch to a changes-only sync for better performance.
Comments
0 comments
Please sign in to leave a comment.