Steps
In the left pane, select .
The workspace for a new Domain record appears.
If you want users belonging to a particular Microsoft Active Directory Group to be assigned Super User privileges in GE Digital APM (i.e., you want the Super User check box to be selected in the Details section of the Security User record for that user), then, in the Super User Role box, select the GE Digital APM Security Role whose name matches exactly the Active Directory Group whose members should be granted Super User privileges in GE Digital APM.
In GE Digital APM, each Security User must be assigned to at least one site, and must be assigned to a default site. If you want the default site for each Security User associated with a Domain record to be set to a particular site during synchronization, then, in the Default Site box, select the site that should be set as the default site.
As needed, in the <domain name> section, enter values in the available fields.
As needed, in the Field Mappings section, enter values in the available fields. The section is populated automatically with LDAP baseline Field Mapping records. To remove a Field Mapping record, in the row for the Field Mapping record that you want to remove, select , then enter values in the available fields, and then, below the row for the new Field Mapping record, select Save.
IMPORTANT: To successfully log in to GE Digital APM, Security Users must be assigned to at least one site, and must be assigned to a default site.
If your GE Digital APM system contains only one site and you selected a default site in step 4, creating Microsoft Active Directory Groups to map site assignments from Microsoft Active Directory to GE Digital APM is not required.
Additionally, you can run the LDAP synchronization process without selecting a default site in the Default Site box or creating the Microsoft Active Directory Groups described in this note. If you do so, GE Digital APM will assign the first user-created site in the database as the default site for each synchronized user. If no user-created site exists in the database, then the Meridium Default site will be assigned as the default site for each synchronized user.
To create Microsoft Active Directory Groups to map site assignments from Microsoft Active Directory to GE Digital APM:
In Microsoft Active Directory, create a Group whose name is <data source>_Default_<site>, where:
Ensure that the Microsoft Active Directory Group name matches the naming convention exactly. For example, to assign users the default site Plant, which exists in a data source named Industry, you would create a Microsoft Active Directory Group named Industry_Default_Plant.
In Microsoft Active Directory, if needed, create a Group whose name is <data source>_<site>, where:
Ensure that the Microsoft Active Directory Group name matches the convention exactly. For example, to assign users the site Plant, which exists in a data source named Industry, you would create a Microsoft Active Directory Group named Industry_Plant.
In Microsoft Active Directory, associate the Groups with users. Each Microsoft Active Directory user whose information will be synchronized with GE Digital APM must be associated with exactly one Group whose name is <data source>_Default_<site>. Each user can be associated with any number of additional groups whose names are <data source>_<site>.
The Groups are assigned to users in Microsoft Active Directory. When you perform an LDAP synchronization, GE Digital APM site assignments will be made based on the logic described in these steps.
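The naming rules above can be checked before a synchronization run. The following is an added example, not GE Digital APM code: it audits each user's group names against the <data source>_Default_<site> and <data source>_<site> conventions. The function names, users, groups and sites are constructed, and it assumes that "matches exactly" is case-sensitive.

```python
# Added example: audit AD group names against the site-mapping convention (constructed data).

def audit_site_groups(data_source, known_sites, groups):
    """Return (default_site, extra_sites, findings) for one user's groups."""
    default_prefix = f"{data_source}_Default_"
    site_prefix = f"{data_source}_"
    defaults, extras, findings = [], [], []
    for name in groups:
        if name.startswith(default_prefix):
            site, bucket = name[len(default_prefix):], defaults
        elif name.startswith(site_prefix):
            site, bucket = name[len(site_prefix):], extras
        elif name.lower().startswith(site_prefix.lower()):
            # Assumption: "matches exactly" is treated as case-sensitive here.
            findings.append(f"case differs from convention: {name}")
            continue
        else:
            continue  # unrelated group (for example a Security Role group)
        if site in known_sites:
            bucket.append(site)
        else:
            findings.append(f"group names unknown site: {name}")
    if not defaults:
        findings.append("no default-site group: default comes from the Default Site box or a fallback site")
    elif len(defaults) > 1:
        findings.append(f"more than one default-site group: {sorted(defaults)}")
    default = defaults[0] if len(defaults) == 1 else None
    return default, sorted(extras), findings


def audit_users(data_source, known_sites, memberships):
    """Map each user to a list of findings; users with none are omitted."""
    report = {}
    for user, groups in memberships.items():
        _, _, findings = audit_site_groups(data_source, known_sites, groups)
        if findings:
            report[user] = findings
    return report


SAMPLE_MEMBERSHIPS = {  # constructed users and groups
    "alice": ["Industry_Default_Plant", "Industry_Refinery", "Maintenance Planners"],
    "bob": ["Industry_Default_Plant", "Industry_Default_Refinery"],
    "carol": ["industry_default_plant"],
    "dave": ["Industry_Default_Plnat"],
}

if __name__ == "__main__":
    print(audit_users("Industry", {"Plant", "Refinery"}, SAMPLE_MEMBERSHIPS))
```

A user reported with no default-site group is worth reviewing, because the synchronization then chooses the default site for that user rather than the directory.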
Note: Each GE Digital APM Security User must have a unique User ID. You can either allow these User IDs to be generated automatically, or you can create a field mapping that will generate User IDs based on the values in a selected Microsoft Active Directory field.
If you do not create the field mapping described in the steps below, User IDs will still be generated automatically during synchronization. If the userPrincipalName Microsoft Active Directory field has a value, that value will become the GE Digital APM Security User ID for the user. If the userPrincipalName Microsoft Active Directory field does not have a value, the value in the sAMAccountName Microsoft Active Directory field will become the GE Digital APM Security User ID for the user.
If you would like to use a different Microsoft Active Directory field to populate the User IDs of GE Digital APM Security Users during synchronization:
In Microsoft Active Directory, choose a field that exists for every Microsoft Active Directory user and whose values you want to be used as the GE Digital APM User IDs for those users.
In GE Digital APM, for the appropriate Domain record, in the upper-right corner of the Field Mappings section, select
A new row appears in the section, containing the LDAP Field and Meridium Field boxes.
In the LDAP Field box, enter the name of the Microsoft Active Directory field that you chose in step a.
In the Meridium Field box, enter USERID, and then, below the row for the new Field Mapping record, select Save.
The Field Mapping record used to map User IDs is created.
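Because every Security User needs a unique User ID, it helps to predict the IDs before synchronizing. The following is an added example, not GE Digital APM code: it applies the userPrincipalName then sAMAccountName order described above, or a single mapped field, and reports users with no value and IDs shared by several users. The directory entries are constructed, employeeID is only a sample choice of mapped field, and treating IDs that differ only by case as colliding is an assumption.

```python
# Added example: predict Security User IDs before synchronization and flag
# users with no usable value or with colliding IDs. Entries are constructed.
from collections import defaultdict

BASELINE_FIELDS = ("userPrincipalName", "sAMAccountName")  # order given on the page


def resolve_user_id(entry, mapped_field=None):
    """Return the User ID an entry would get, or None if no field has a value.

    mapped_field is the LDAP field mapped to USERID, if such a mapping exists.
    """
    fields = (mapped_field,) if mapped_field else BASELINE_FIELDS
    for field in fields:
        value = (entry.get(field) or "").strip()
        if value:
            return value
    return None


def audit_user_ids(entries, mapped_field=None):
    """Return (missing, collisions): DNs with no ID, and IDs shared by several DNs."""
    by_id, missing = defaultdict(list), []
    for entry in entries:
        user_id = resolve_user_id(entry, mapped_field)
        if user_id is None:
            missing.append(entry["dn"])
        else:
            # Assumption: IDs differing only by case are treated as colliding.
            by_id[user_id.lower()].append(entry["dn"])
    collisions = {uid: dns for uid, dns in by_id.items() if len(dns) > 1}
    return missing, collisions


SAMPLE_ENTRIES = [  # constructed directory entries
    {"dn": "CN=Ann,OU=Ops,DC=example,DC=com", "userPrincipalName": "ann@example.com",
     "sAMAccountName": "ann", "employeeID": "1001"},
    {"dn": "CN=Raj,OU=Ops,DC=example,DC=com", "userPrincipalName": "",
     "sAMAccountName": "raj", "employeeID": "1002"},
    {"dn": "CN=Ann2,OU=Lab,DC=example,DC=com", "userPrincipalName": "ANN@example.com",
     "sAMAccountName": "ann2", "employeeID": ""},
]

if __name__ == "__main__":
    print(audit_user_ids(SAMPLE_ENTRIES))
    print(audit_user_ids(SAMPLE_ENTRIES, mapped_field="employeeID"))
```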
In the upper-right corner of the workspace, select
A new Domain record is created.
Copyright © 2018 General Electric Company. All rights reserved.