Maps Active Directory groups against roles and functions. Used by advanced single-sign on.

The contents of this table are not deployed.

Listing groups

You can use this command line to list all groups in a domain:

net groups /domain
Add row: Allowed
Delete row: Allowed
Foreign key: Not allowed


Name Datatype Read Write Primary key Description
AdGroupId int Yes No Yes Primary key.
AdGroup varchar(500) Yes Yes No The name of the AD group to map. Must match the actual group's name. Case insensitive.

Should not be prefixed with the domain name, that is, use GROUP, not DOMAIN\GROUP.

The same group may occur multiple times if you need to assign both role and functions to its members.
RoleId int Yes Yes No Role to give members of this group. If a user belongs to multiple groups the one with the lowest sort order is used.

A user must always be assigned at least one role to be able to log in, even if you also use functions.
FunctionId int Yes Yes No Function to assign members of this group.

Any previous function mappings are deleted each time a user logs in.
SortOrder int Yes Yes No Sort order.

Must be non-NULL when RoleId is non-NULL, and NULL when RoleId IS NULL.