-
KanBo Installation
- KanBo Installation on Office 365 and Azure (Manual)
- KanBo Installation on Office 365 and Azure (KanBo Installer)
- KanBo On-Premises Installation Requirements and Prerequisites
- KanBo Installation On-Premise SharePoint 2013/2016/2019
- Creating and Updating the Elastic Cloud Deployment
- Creating a Linux Based Virtual Machine on Azure for Elastic Search
- Installing and Configuring Elastic Search on Debian
- Creating a Windows Virtual Machine on Azure for Elastic Search
- Installing and Configuring Elastic Search on Windows
- How to Create a X.509 High-Trust Certificate
- KanBo Setup
- KanBo Modern Webpart Installation
- Uninstall KanBo from Office 365
- Supported Browsers
-
KanBo Updates
-
Additional Components
- Setting Up KanBo Email Notifications on Azure
- Setting Up KanBo Email Notifications (On-Premise)
- KanBo Outlook Add-in Installation (O365)
- Send Email to KanBo - Installation (Cloud)
- Send Email to KanBo - Installation (On-Premise)
- Enabling Email a Card Message
- KanBo and Microsoft Power Automate integration: Installation
- KanBo and Microsoft Power Automate Integration: Activation
- Installation of KanBo MyBoard Synchronization with Outlook Calendar and Outlook Tasks
- Installation of the Autodesk BIM Plugin for KanBo
- KanBo and UiPath Integration: Configuration
- Nintex Integration Installation
- KanBo API for Developers
- KanBo External User Groups (Active Directory Integration)
- KanBo Mini Application Installation
- Plugin for Adding Users to KanBo / Sharepoint When They First Enter it
- SharePoint Profiles Synchronization
- SharePoint Site Collection Balancing and Admin Warnings
- Sync Targets
- Installation of the KanBo Teams App
- Setting up BIM Sync as a Webjob
- Configuring KanBo for OData integration in PowerBI Desktop
- Show all articles ( 2 ) Collapse Articles
-
Tips & Tricks
- Configure How Documents Should Be Opened from KanBo
- Customize KanBo Background Images and KanBo Colors
- Disable Sleeping Tabs in Browsers
- Disable/Enable Public Boards Creation
- Find Out the Certificate Expiration Dates On-Premise
- Get KanBo ID
- How to Change the Help URL in Your KanBo
- Import Users to KanBo
- Renew Certificate for KanBo Graph Installation
- Show KanBo Version
- Removing syncing of profile pictures in the Profile Sync job
- Creating and customizing the Profile Sync Webjob
- KanBo configuration for Microsoft Azure Cloud GCC High environment
-
Troubleshooting
- KanBo Error: 401 (On-Premise Installation)
- KanBo Error: 403 (On-Premise Installation)
- KanBo Error: Cannot Open Database
- KanBo Error: User Authentication Postback Failed (On-Premise Installation)
- Migrate Boards between Office 365 Groups
- Replace Expiring Client Secret
- Grant access to logs of an Azure Web App hosted KanBo
KanBo External User Groups (Active Directory Integration)
This post is also available in: Deutsch
KanBo External User Groups functionality gives you a possibility to import Groups strictly from Active Directory. This functionality allows you also to manage User Groups from Active Directory module – all user changes will be synchronized and applied into KanBo as well as to SharePoint on which KanBo is installed.
User groups allow you to keep users you collaborate with in one place and can be created for any purpose, but they are helpful especially for gathering a group of users connected by a common task or job. They also enable you to add a whole group of users to a desired Board within a few clicks.
You need the Setup and Groups roles to make this actions.
Configuration in KanBo
As a first step, you should configure the Job Host plugin within KanBo.
1. Enter your Virtual Machine where KanBo is installed. Go to the KanBo -> wwwroot folder and enter the web.config.
Make sure that you have the following line added in the web.config. Save this file.
<security-group-sync-source.active-directory />
2. Go to the wwwroot folder and check if you have the AD sync plugin.
Configuration while launching Job Host as a standalone app
You can configure and launch Job Host as a standalone app on your Virtual Machine. Job Host will let you import AD users automatically by configuring the recurrent launch in the Task Scheduler.
In such scenario, you will have the whole control about timing of launching of the application and you can use the right account to launch it (i.e. the one connected to the right AD).
While launching a Job Host as a standalone app, you will be also sure that nothing would stop or disrupt your application from performing it's tasks.
1.Open the extracted KanBo package.
2. Move dll files from folder KanBo.ADSyncPlugin and KanBo.JobHostPlugin and KanBo.UsersAdderPlugin into Kanbo.ConsoleJobHostRunner.
3. Add KanBo.ConsoleJobHostRunner folder on your C disc or to any specific
directory.
4. Open the KanBo.ConsoleJobHostRunner.exe.config
5. Start editing it. Firsly, enter your KanBo database connection string (you might copy it from the KanBo web.config).
6. Generate a pair of certificates for the communication purposes. Here's how to do that:
Go to the IIS Server Manager, click on your server and choose Server Certificates. From the menu on the right side choose “Create self-singed certificate”, pick a name for your certificate and follow the next steps to create it. After the certificate has been created save it to a file by following these steps:
- Select -> Click on “Export” -> Follow the steps to save it as a .pfx file in a choosen location (we will use the location later when configuring the app)
- Select -> Click on “View” -> Details -> Copy to file -> Save it as a .cer file in the same location as the .pfx file
- Install certificate to LocalMachine store (DoubleClick it) . Ensure certificate exist under Personal tree using Manage computer certificates (certlm).
If you do not wish to create a Self-signed certificate, you can use this manual to generate certificates using your corporate CA - Creating a pair of authenticating certificates in KanBo.
7. Go to your KanBo directory and add information about certificate in the authentication section.
<auth.app issuer="remote"> <signature algo="rs256"> <cert type="X509SignerFromStore" storename="My" storelocation="CurrentUser/LocalMachine" key="Thumbprint" value="{THUMPRINT}" validonly="false" /> </signature> <mapper type="service" name="remote service" roles="service security-group-sync-source users-adder" /> </auth.app>
8. Switch to editing KanBo.ConsoleJobHostRunner.exe.config.
9. Create a job for synchronizing AD groups into KanBo.
<job-host name="external-groups-pipeline" options="log_time(debug) catch"> <job name="external-groups-job" /> <job.security-group-sync-source name="external-groups-job" /> <!-- this adds the actual source of users, another plugins can add custom types --> <security-group-sync-source.active-directory />
10. Create a job for adding users from AD to KanBo from the previously specified OU. Fill in the path field with your LDAP Query and adjust it to suit your needs.
<job-host name="external-groups-pipeline" options="log_time(debug) catch"> <job name="external-groups-job"> </job-host> <source type="ad" path="LDAP://OU=KanBo,DC=DEVELOPER,DC=LOCAL" filter="(&(objectClass=user)(whenChanged>={yearsago,1}))" /> </job.users-adder>
In case you are using a special (different) domain for your AD, adjust also the domain field after <source type="ad".
domain="{YOUR DOMAIN}"
11.Fill in the following values with your certificate information (the certificate's thumbprint).
<kanbo-api.service issuer="me" url="https://kanboapp.example.org:8443"> <signer type="X509SignerFromStore" storename="My" storelocation="CurrentUser/LocalMachine" key="Thumbprint" value="{THUMBPRINT}" validonly="false" /> </kanbo-api.service>
12. Now you can run KanBo.ConsoleJobHostRunner.exe (run it as administrator in CMD) to check if the job is running correctly and no errors occur.
Create a task in Task Scheduler for Ad sync component
13. Go to the Task Scheduler. Click on Create Task.
14.Set a name, for example "Job Host".
- Select "Run only when user is logged or not".
- Save these changes.
15. Go to Triggers section.
- Click on "New" button.
- Select "Daily" and set Repeat Task every 5 minutes (or a higher number of minutes - depending how efficient you would like your Job to perform its tasks of importing AD users).
- Save these changes.
16. Go to the Actions section.
- Select Action "Start a Program".
- Click on Browser and select the KanBo.ConsoleJobHostRunner.exe.
- Save these changes.
17. See if task is running correctly in Task Scheduler.
Adding an External User Group to KanBo
When the connection and plugins are fully configured, you can start adding your Active Directory Group as a KanBo External Group.
1. Enter your KanBo. Go to the Users section.
2. Now select the more button (three dots) and select Manage User Groups.
3. Click on External in User Groups section. While you enter it, you can now also click on + Add User Groups
4. A pop-up will appear. Enter the following data.
- Name - name of your User Group
- Description - a short description of this Group
- External - click on Enable.
You can use three types from a Picker to find and connect your AD Group:
1. Path-based Active Directory - enter a path to your AD Group by modifying the following line with your data : LDAP://CN=sub,OU=two,OU=KanBo,DC=DEVELOPER,DC=local.
Select Validate: Enabled to make sure the path or AD Group's name is proper.2. Group name-based - enter here a name of your AD Group.
3. Group picker - choose your Group by name from the picker - please keep in mind that the picker will show you only 100 results. You can search for your group by name using i.e. " k* " to get a list of Groups with a name starting from "k" letter.
Click on Add button to save changes.Managing the User Group
After adding an External User Group, you will be redirected to this User Group's page. You can also enter your Group by entering Users section on the Landing Page -> Users ->Manage User Groups -> External and choosing your Group.
In this section you can enter 4 sub-sections:
- Group Members - here you can see all users added to a User Groups and manage the group. Simply click on button to see User's Profile, MyBoard or to Remove User from Group.
When your plugins for the External Groups are fully configured, you can also manage (add or remove) group members from the Active Directory Service. After a synchronization, the whole group will be transferred in it's share to KanBo.
- Associated Boards - here you can see all Boards where this User Group is Added.
- Sync Targets - here you can Add Sync targets to a Group and also resync them. This will result in a synchronization of users in SharePoint. You can also remove your Sync Targets from this section. Read more here.
- Sync Tasks - here you can see all Sync Tasks connected to a Group and their dates. When you click on a Task, you will be shown with all logs considering adding Users from AD Group to KanBo External User Group or removing them.
Add a User Group to a Board
Once your Group has been added, you can add a whole group to KanBo Boards at once. Depending in which section you will add your Group, they will be given Board permissions of Board Owners, Members or Visitors.
1. Enter a Board where you would like to add an External User Group to. Go to the Users section.
2. Select the more button (three dots) and click on Manage Users.
3. Click on User Groups +Add button.
4. Select a Group you would like to add and click on "Add selected" button.
5. Your Group and all it's members have been added to a Board.
Remove an External Group from a Board
1. Simply enter your Board and click on Users Section.
2. There choose the "Manage users" button. Find your Group in the list. 3. Click on more button (three dots) and select "Remove from Group". Your Group will be removed from this Board.Was this article helpful?
Please, contact us if you have any additional questions.