Synergy SIS and Synergy SE User Group Synchronization

Check Using LDAP.
Click LDAP Server Type and select.
Click Integration Type and select.

Enter Domain Name (Active Directory Domain Name)
Enter Server Path to LDAP server. (i.e., LDAP://server.local) In Active Directory, this would be primary domain controller. Synergy SIS uses server path to determine Microsoft Windows server that is running the Active Directory Application Mode (ADAM) service and can provide answers to LDAP queries.
Check Secured via SSL if appropriate.
Enter Role Property name of Active Directory Property that stores type of staff member. Each staff member must have a staff type defined. A matching staff type must be stored in Active Directory and staff type box must be checked for RT LDAP Monitor Service to attempt to create a user account. Active Directory property listed here must have matched value for staff types checked. Value stored in Active Directory property must match code in K12.Staff_Type lookup table.
Staff types to allow LDAP to add school year entries controls which user accounts are automatically created by RT LDAP Monitor Service. If your organization only wants to auto create staff accounts with type of teacher only, check teacher, no user accounts will be created for staff entries if staff type is not checked.
Click .

Role Group Setup

The LDAP Name must be added to each Synergy SIS/Synergy SE User Group that will be synchronized between Synergy SIS/Synergy SE and Active Directory. The value entered into the LDAP Name must match the group name in Active Directory. Active Directory users in the group specified, in the LDAP Name property, will be added to this Synergy SIS/Synergy SE User Group. If the “Default Use Menu Group for a new user added to this group” is checked any menu groups defined in the Navigation Tree area of this group will be displayed for any users automatically created by the RT LDAP Monitor service.

In addition to Synergy SIS/Synergy SE User Group membership the school level staff assignments can be created using the User & Group synchronization.

Update/View Group Setup

Check Allow LDAP monitoring to create staff school year entries for specific school organizations listed below. User will be assigned to first school level organization listed in Organizations table. This process will allow for automation of staff movement between school sites.

Once a change is made to a user’s active directory group membership they will be reassigned accordingly inside Synergy SIS/Synergy SE. RT LDAP Monitor service will not process organizational site assignments above the school level. This prevents accidental assignment of staff to district level access by RT LDAP Monitor service.

Users created by RT LDAP Monitor and their User Group assignments should never be disabled or have their group assignments changed by an Admin level user using either User or User Group screens. This can lead to differences between Active Directory User or User group membership. This difference could lead to confusion and inappropriate access for users who were modified by hand.

NOTE:

Synergy SIS/Synergy SE User Groups should NOT have their organization tables changed after Allow LDAP monitoring to create staff school year entries has been enabled. Do not make manual changes to Organizations tables to existing groups as these changes will NOT change Staff Assignments for users. It will change users rights in Synergy SIS/Synergy SE. See Business Rules.

Business Rules

Synergy SIS/Synergy SE Staff Assignments are not changed if Organization table is changed after user is created by RT LDAP Monitor.
Changing Active Directory Group Membership will change Synergy SIS/Synergy SE group membership and add additional staff assignments. It will NOT remove previous staff assignments.
Removing staff from Active Directory groups will remove user from Synergy SIS/Synergy SE User Groups but NOT remove staff assignment.
RT LDAP Monitor will not create staff assignments if more than one school is listed in Organization table of a Synergy SIS User Group.
RT LDAP Monitor does not reevaluate staff assignments if changes are made to Synergy SIS/Synergy SE user groups after that user has already been processed by RT LDAP Monitor.
RT LDAP Monitor will create staff assignments for multiple schools sites as long as they are only organization listed in each Synergy SIS/Synergy SE user group.

It is important to understand Business Rules that govern operation of RT LDAP Monitor application so that correct actions can be taken to maintain staff school assignments in Synergy SIS/Synergy SE.

Install RT LDAP Monitor Service

In order for Synergy SIS/Synergy SE User & Group synchronization to occur RT LDAP Monitor service must be installed and configured. Edupoint recommends this service be installed on a Process Server. Install either 32 bit or 64 bit version as required by your environment. Run RTLDAPServiceSetup.msi and follow prompts to complete installation. After service is installed open RT LDAP Monitor program in the Edupoint program group.

Setup Service:

1. Set interval number of minutes that service should execute synchronization process.

2. Set Debug mode level:

a. Off (Nothing written to log)

b. On (Only Critical errors are written to RT Event log)

c. Extended (both informational and errors are written to RT Event log)

3. Enter URL to your production Synergy SIS/Synergy SE web server.

After entering above settings

Click Apply
Click Start Service. This will start user & group synchronization process.

RT LDAP Monitor Tools

Test LDAP setup (1) is a useful tool to verify setting in both Synergy SIS/Synergy SE and Active Directory.
View AD Properties (2) is very useful when identifying Active Directory properties being used to store staff type and badge ID’s.

Synergy SIS and Synergy SE User Group Synchronization

Description:

Tasks

System Configuration Setup

Setup Process

Check Using LDAP.

Click LDAP Server Type and select.

Click Integration Type and select.

Enter Domain Name (Active Directory Domain Name)

Enter Server Path to LDAP server. (i.e., LDAP://server.local) In Active Directory, this would be primary domain controller. Synergy SIS uses server path to determine Microsoft Windows server that is running the Active Directory Application Mode (ADAM) service and can provide answers to LDAP queries.

Check Secured via SSL if appropriate.

Click .

Role Group Setup

In addition to Synergy SIS/Synergy SE User Group membership the school level staff assignments can be created using the User & Group synchronization.

Update/View Group Setup

Check Allow LDAP monitoring to create staff school year entries for specific school organizations listed below. User will be assigned to first school level organization listed in Organizations table. This process will allow for automation of staff movement between school sites.

NOTE:

Business Rules

Synergy SIS/Synergy SE Staff Assignments are not changed if Organization table is changed after user is created by RT LDAP Monitor.

Changing Active Directory Group Membership will change Synergy SIS/Synergy SE group membership and add additional staff assignments. It will NOT remove previous staff assignments.

Removing staff from Active Directory groups will remove user from Synergy SIS/Synergy SE User Groups but NOT remove staff assignment.

RT LDAP Monitor will not create staff assignments if more than one school is listed in Organization table of a Synergy SIS User Group.

RT LDAP Monitor does not reevaluate staff assignments if changes are made to Synergy SIS/Synergy SE user groups after that user has already been processed by RT LDAP Monitor.

RT LDAP Monitor will create staff assignments for multiple schools sites as long as they are only organization listed in each Synergy SIS/Synergy SE user group.