RapidIdentity Product Guides - 2019 Rolling Release


Roles General settings define the configuration for the Roles module and the LDAP DN for Roles.


The Roles Placement Base DN can be typed manually if known, selected from the type-ahead prompt, or selected from the LDAP Directory tree browser by clicking the magnifying glass and navigating to the desired directory tree location.


The bottom of the Roles Settings sidebar allows administrators to define the allowed Roles actions.

Table 364. Roles Settings Fields

Field Name


Roles Placement Base DN

The location in the directory where RapidIdentity Portal will store groups that it creates and manages.

Allow Distribution List Creation

Allows the 'Distribution List' type when creating a group. Only applies to RapidIdentity Portal instances using Active Directory.

Maximum Number of Concurrent Roles Syncs

Set the limit of groups that can sync concurrently. This is used to tune group synchronization for organizations with extremely large groups.

Enable Role Auto-Import

Enables or disables the Roles Auto Import Job.

Enable Role Auto-Synchronization

If selected, RapidIdentity Portal will regularly (based on settings at the group level) calculate who should be a member of a particular group based on the group's settings and will then write that membership information to the group object in the directory. In eDirectory, the associated back-reference information is also written to the user object.

Enable Wildcard (*) Searches

Enables or disables the ability to do wildcard searches in any tab.

Maximum Number of Roles to Return

Used for organizations with many groups. This keeps a search from potentially overloading services while it works to return a large number of groups. 0 represents no limit.

Preload Roles

Determines if groups are loaded when a Roles tab is loaded or only when the search button is pressed.

Write SAMAccountName Value to Role (Active Directory Users Only)

If selected, the group name will also be written to the SAMAccountName attribute.

Access Control

Can be one of three types: None, Role-based, or Attribute-based.

Selecting either Role-based or Attribute-based triggers fields to define roles or attributes to determine the user population that can access the application.

Role-based allows administrators to define roles to include or exclude users matching the DN of the role. Attribute-based allows users matching the LDAP filter to access the application.