Account Type

Connect to AD supports the automatic provisioning of both user and contact-type accounts through the Account Type mapping (in the Rules > Provisioning section).

In Active Directory, user-type objects represent individuals in the organization linked to user accounts with login credentials, access rights to network resources, and mailbox functionality. In contrast, contact-type objects represent external entities like customers, vendors, and partners that only need limited access to your systems.

For example, you can choose to provision user-type objects for all regular employees (full-time or part-time) and contact-type objects for external contractors. This can be achieved by using conditional expressions, as shown in the example below:

When
Employment.EmployeeTypeCode == "CON"
Then
"Contact"

And

When
Default
Then
"User"

In the example above, if the UKG Employee type code equals "CON" (indicating contractor status), Connect to AD will provision a contact-type object in Active Directory. Otherwise, it will provision a user-type object. 

This feature enables flexible management of different personnel types in your Active Directory environment, offering enhanced security and compliance through detailed control over user access and permissions.