Integrating User Groups with Domain User Groups - Legacy Authentication Methods - Foundation 23.1 - Foundation 23.1 - Ready - OnBase - Essential - Premier - Standard - external - Essential - Premier - Standard

Legacy Authentication Methods

Legacy Authentication Methods
Foundation 23.1

To remove users from an OnBase User Group when they are removed from the corresponding domain user group, in order to keep a one-to-one relationship between the domain and OnBase User Groups, complete the following steps:

  1. In the Configuration module, select User Groups/Rights from the Users menu. The User Groups & Rights dialog box is displayed.
  2. Select a user group from the list and click the Authentication Settings button. The Authentication Settings dialog box is displayed.
  3. Select Remove users from this group if no matching domain group found.

    The Remove users from this group if no matching domain group found option is not available when OnBase is configured for Active Directory - Enhanced authentication. With Active Directory - Enhanced authentication, this functionality is the default behavior.

  4. Click OK.

With this option enabled, the OnBase User Group is checked against the corresponding domain user group at log in. If the user logging in is a member of the OnBase User Group but is not a member of the corresponding domain user group, the user is removed from that OnBase User Group. Additionally, the user is removed from load-balanced Workflow queues they no longer have access to because of their removal from OnBase User Groups, and their work is returned to an unassigned state.


This option also removes users from OnBase User Groups if the user groups do not exist on the domain. Make sure your OnBase User Groups have the same names as the corresponding domain user groups. The group names do not need to have matching cases (for example, AdminUsers is considered the same as adminusers or ADMINUSERS).