This ensures that users and groups are set up correctly with limited administrator intervention.<\/p>\n\n
The user will not need to remember an additional password for the Open Bee Portal system as their authentication will be ported to the LDAP directory. <\/p>\n\n
How it works and how to import it <\/h1>\n\n
This feature allows users to be imported and synchronized daily from a directory.<\/p>\n\n
Two import modes are available:<\/p>\n\n
- \n
- Import of one or more users<\/li>\n\n\n\n
- Importing one or more groups<\/li>\n<\/ol>\n\n
Open Bee Portal is only compatible with LDAP and Azure AD service for onboarding users from a directory.<\/p>\n\n
<\/p>\n\n
Perform an import<\/h1>\n\n
Add an LDAP or Azure AD server <\/h3>\n\n
First of all, before being able to import users, the Open Bee Portal administrator must configure the directory connection settings.<\/p>\n\n
This is done in the “AD Servers” section of the Open Bee Portal administration.<\/p>\n\n
![\"\"](\"https:\/\/help.openbee.com\/wp-content\/uploads\/2026\/03\/image-60-translated-1024x193.png\")
<\/figure>\n\nIt is possible to connect to an LDAP server or to Azure AD.<\/p>\n\n
![\"\"](\"https:\/\/help.openbee.com\/wp-content\/uploads\/2026\/03\/image-61-translated-1024x316.png\")
LDAP Server Connection Azure AD Connection<\/figcaption><\/figure>\n\n <\/p>\n\n
Import users or groups<\/h3>\n\n
The import function is for groups and users, it can be accessed from the “Users<\/strong>” or “Groups<\/strong>” sections of the “Administration”<\/strong> section. <\/p>\n\n
![\"\"](\"https:\/\/help.openbee.com\/wp-content\/uploads\/2026\/03\/image-62-translated-1024x215.png\")
<\/figure>\n\n![\"\"](\"https:\/\/help.openbee.com\/wp-content\/uploads\/2026\/03\/image-64-translated-1024x196.png\")
<\/figure>\n\n<\/p>\n\n
A configuration wizard divided into several steps allows you to configure the import.<\/p>\n\n
<\/p>\n\n
Step 1: Selecting the directory <\/h4>\n\n
The first step is to select the server to import users or groups. It should be noted that it is possible to carry out several imports on different directories.<\/p>\n\n
![\"\"](\"https:\/\/help.openbee.com\/wp-content\/uploads\/2026\/03\/image-66-translated-1024x702.png\")
<\/figure>\n\n<\/p>\n\n
<\/p>\n\n
Step 2: Choosing the import mode <\/h4>\n\n
It is possible to import either users directly or existing groups into the directory. Since the groups are synchronized, the advantage of importing a group is that a user added to the group from the directory will be automatically imported into Open Bee Portal the following night. <\/p>\n\n
![\"\"](\"https:\/\/help.openbee.com\/wp-content\/uploads\/2026\/03\/image-67-translated-1024x794.png\")
<\/figure>\n\n<\/p>\n\n
Step 3: Choose which users or groups to import<\/h4>\n\n
Use this step to select which users or groups will be imported.<\/p>\n\n
The retrieval of the displayed list is done in real time. The search can be refined by entering the “Search” box.<\/em> <\/p>\n\n
The user’s username, name, email address and status are included in the directory.<\/p>\n\n
![\"\"](\"https:\/\/help.openbee.com\/wp-content\/uploads\/2026\/03\/image-69-translated-1024x981.png\")
Example of a list of users from an LDAP<\/figcaption><\/figure>\n\n ![\"\"](\"https:\/\/help.openbee.com\/wp-content\/uploads\/2026\/03\/image-70-translated-1024x876.png\")
Example of a group list from an LDAP<\/figcaption><\/figure>\n\n <\/p>\n\n
Step 4: Selecting a role<\/h4>\n\n
This step allows you to select the role that will be used when importing users. This setting is only used when importing a user.<\/p>\n\n
This role can then be changed by the administrator. Daily synchronization does not change the role. <\/p>\n\n
If the user already exists in Open Bee Portal, when validating the import configuration, their role will be modified.<\/p>\n\n
The ” external users<\/em> ” and ” remote” <\/em>system roles cannot be used.<\/p>\n\n
![\"\"](\"https:\/\/help.openbee.com\/wp-content\/uploads\/2026\/03\/image-71-translated-1024x690.png\")
<\/figure>\n\n<\/p>\n\n
Step 5: Import option<\/h4>\n\n
During the import, if a user does not exist, it is created in Open Bee Portal from the information present in the directory. The username, full name and email address can no longer be changed from Open Bee Portal, this information now depends on the directory.<\/p>\n\n
If the user is deactivated in the directory, they will be imported into Open Bee Portal with the status disabled. However, it can be activated by the Open Bee Portal administrator.<\/p>\n\n
<\/p>\n\n
When importing users, the following options can be configured:<\/p>\n\n
- \n
- Create or update groups associated with users<\/strong>:<\/strong> By activating this option, the groups in which the users selected in this import are present will also be created in Open Bee Portal. Imported users will be associated with these groups. Imported users will be associated with these groups. <\/li>\n<\/ul>\n\n
\n
Please note that the created groups are not attached to the directory, which means that there will be no synchronization of these groups. If you want to synchronize groups, please perform a group import. <\/p>\n<\/blockquote>\n\n
<\/p>\n\n
- \n
- Use email as an identifier:<\/strong> By activating this option, the user’s ID created will be their email. In the case of an import from LDAP, it is possible to have a different identifier from the email, unlike the Azure AD import which requires the user’s identifier to be the email.<\/li>\n<\/ul>\n\n
![\"\"](\"https:\/\/help.openbee.com\/wp-content\/uploads\/2026\/03\/image-100-translated-1024x932.png\")
<\/figure>\n\nWhen importing groups, in addition to importing users, the groups are imported and attached to the directory. This allows for automatic synchronization every night. <\/p>\n\n
Only the following option can be configured in the case of a group import:<\/p>\n\n
- \n
- Use email as username <\/strong>: By activating this option, the user’s ID created will be their email. In the case of an import from LDAP, it is possible to have a different identifier from the email, unlike the Azure AD import which requires the user’s identifier to be the email.<\/li>\n<\/ul>\n\n
![\"\"](\"https:\/\/help.openbee.com\/wp-content\/uploads\/2026\/03\/image-101-translated-1024x749.png\")
<\/figure>\n\n<\/p>\n\n
Step 5: Sync Option<\/h4>\n\n
Synchronization of users and groups takes place every night.<\/p>\n\n
The following information is synchronized for all users attached to directories: username, email, and full name.<\/p>\n\n
A user’s role is not changed automatically once the import is complete.<\/p>\n\n
The following options can be configured:<\/p>\n\n
- \n
- Synchronization of the status from the directory:<\/strong> By activating this option, the user’s status in Open Bee Portal will be automatically synchronized with the status in the directory. A user who is deactivated in AD will be automatically deactivated the next day in Open Bee Portal. If you want to deactivate a user in the Open Bee Portal who remains active in the directory, it is possible to change this configuration at any time from the Open Bee Portal user interface.<\/li>\n<\/ul>\n\n
<\/p>\n\n
- \n
- Attach an existing user to the directory: <\/strong>By activating this option, if one of the users to be imported is detected as already existing in Open Bee Portal, the user will be modified to be attached to the directory. Thus, the authentication will be carried out in AD and he will be able to benefit from the automatic status update. His email and full name will also be updated. If the option is disabled, the user’s import will be skipped.<\/li>\n<\/ul>\n\n
\n
If a user is already existing and the “Attach an existing user” <\/em>option is enabled,<\/em> their role will be modified by the role configured in this import.<\/p>\n<\/blockquote>\n\n
\n
If an existing user is attached to an old directory and the “Attach an existing user” <\/em>option is enabled, it will be migrated and attached to the new directory selected during import.<\/p>\n<\/blockquote>\n\n
![\"\"](\"https:\/\/help.openbee.com\/wp-content\/uploads\/2026\/03\/image-104-translated-1024x947.png\")
<\/figure>\n\nWhen importing a group, an additional option can be configured:<\/p>\n\n
- \n
- Sync new users added to the group: <\/strong>By activating this option, new users added to the group in the directory will be automatically imported into the Open Bee portal and attached to the directory.<\/li>\n<\/ul>\n\n
<\/p>\n\n
These synchronization options can be changed from the user and group interface.<\/p>\n\n
![\"\"](\"https:\/\/help.openbee.com\/wp-content\/uploads\/2026\/03\/image-102-translated-1024x982.png\")
<\/figure>\n\n<\/p>\n\n
Step 6: Summary<\/h4>\n\n
Before importing, Open Bee Portal checks the number of users to be imported to ensure that there is no conflict with the number of users remaining in the license. If the selection made exceeds the number of users allowed in the license, a message is displayed.<\/p>\n\n
This can take several seconds.<\/p>\n\n
If this is exceeded, the import can be carried out. However, once the license is exceeded, the remaining users to be imported will be ignored.<\/p>\n\n
![\"\"](\"https:\/\/help.openbee.com\/wp-content\/uploads\/2026\/03\/image-105-translated-1024x833.png\")
<\/figure>\n\n<\/p>\n\n
Change sync settings <\/h1>\n\n
Once the import is complete, it is possible to modify the synchronization settings of the users and groups configured during the import.<\/p>\n\n
At the user interface level, it is possible to change whether the user’s status should be synchronized every night. In the event that the Open Bee Portal administrator wishes to deactivate a user who is still active in the directory, it is necessary to modify this option.<\/p>\n\n
![\"\"](\"https:\/\/help.openbee.com\/wp-content\/uploads\/2026\/03\/image-72-translated.png\")
<\/figure>\n\n![\"\"](\"https:\/\/help.openbee.com\/wp-content\/uploads\/2026\/03\/image-73-translated-1024x269.png\")
<\/figure>\n\n<\/p>\n\n
On the group interface, it is possible to modify the synchronization information that will be configured on future users added to the group.<\/p>\n\n
![\"\"](\"https:\/\/help.openbee.com\/wp-content\/uploads\/2026\/03\/image-74-translated-1.png\")
<\/figure>\n\n<\/p>\n\n
- \n
- Sync newly added users:<\/strong> By activating this option, adding a user to this group from the directory will be reflected in Open Bee Portal. If the user does not exist it will be created, the following three options apply to users created during daily synchronization:\n
- \n
- Use email as an identifier:<\/strong> In the case of an import from LDAP, it is possible to have a different identifier from the email, unlike the Azure AD import which requires the user’s identifier to be the email.<\/li>\n\n\n\n
- Synchronization of the status from the directory:<\/strong> By activating this option, the user’s status in the directory will be automatically synchronized with the status in Open Bee Portal. A user who is deactivated in the AD will be automatically deactivated the next day in Open Bee Portal. <\/li>\n\n\n\n
- Attach an existing user to the directory: <\/strong>By activating this option, if one of the users to be imported is detected as already existing in Open Bee Portal, the user will be modified to be attached to the directory. If the option is disabled, the user’s import will be skipped.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n
![\"\"](\"https:\/\/help.openbee.com\/wp-content\/uploads\/2022\/08\/image-75-1024x680.png\")
<\/figure>\n\n<\/p>\n\n
Unattach a group or user to a directory<\/h1>\n\n
Once the import has been completed, it is possible to remove the attachment of a user or group to a directory. <\/p>\n\n
If you want to delete a group imported from an AD, it is necessary to unassociate it first.<\/p>\n\n
<\/figure>\n\nOnce unlinked, the group can be edited or deleted again from Open Bee Portal. As the group is no longer attached to the directory, the addition of new users to the group will no longer be reflected in Open Bee Portal.<\/p>\n\n
\n
Unassociating a group from a directory does not result in the disassociation of all members of the group.<\/p>\n<\/blockquote>\n\n
<\/p>\n\n
In order to disassociate users from the directory, it is necessary to go to the user administration interface. It is possible to unassociate one or more users.<\/p>\n\n
<\/figure>\n\n<\/p>\n\n
Once disassociated from the directory, the authentication of these users will no longer be carried out directly from the AD, so an email inviting users to generate a new password is sent.<\/p>\n\n
\n
Be careful if you unassociate a user who is present in a group associated with the directory and this group has the “synchronize new users”<\/strong><\/em> and ” Automatically reattach existing users”<\/strong><\/em> options enabled, the user will be automatically reattached to the directory the following night.<\/p>\n<\/blockquote>\n\n
\n
A user who is disassociated from a directory can be reattached to a directory when a new import is created.<\/p>\n<\/blockquote>\n","protected":false},"excerpt":{"rendered":"
Introduction Instead of manually creating users in Open Bee\u2122 Portal, they can be imported from an LDAP authentication source (typically an Active Directory) or from Azure AD. This ensures that users and groups are set up correctly with limited administrator intervention. The user will not need to remember an additional password for the Open Bee […]<\/p>\n","protected":false},"author":95,"featured_media":0,"parent":20157,"menu_order":11,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"class_list":["post-20419","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/help.openbee.com\/en\/wp-json\/wp\/v2\/pages\/20419","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/help.openbee.com\/en\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/help.openbee.com\/en\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/help.openbee.com\/en\/wp-json\/wp\/v2\/users\/95"}],"replies":[{"embeddable":true,"href":"https:\/\/help.openbee.com\/en\/wp-json\/wp\/v2\/comments?post=20419"}],"version-history":[{"count":10,"href":"https:\/\/help.openbee.com\/en\/wp-json\/wp\/v2\/pages\/20419\/revisions"}],"predecessor-version":[{"id":38739,"href":"https:\/\/help.openbee.com\/en\/wp-json\/wp\/v2\/pages\/20419\/revisions\/38739"}],"up":[{"embeddable":true,"href":"https:\/\/help.openbee.com\/en\/wp-json\/wp\/v2\/pages\/20157"}],"wp:attachment":[{"href":"https:\/\/help.openbee.com\/en\/wp-json\/wp\/v2\/media?parent=20419"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
- Synchronization of the status from the directory:<\/strong> By activating this option, the user’s status in the directory will be automatically synchronized with the status in Open Bee Portal. A user who is deactivated in the AD will be automatically deactivated the next day in Open Bee Portal. <\/li>\n\n\n\n
- Use email as an identifier:<\/strong> In the case of an import from LDAP, it is possible to have a different identifier from the email, unlike the Azure AD import which requires the user’s identifier to be the email.<\/li>\n\n\n\n
- Sync newly added users:<\/strong> By activating this option, adding a user to this group from the directory will be reflected in Open Bee Portal. If the user does not exist it will be created, the following three options apply to users created during daily synchronization:\n
- Sync new users added to the group: <\/strong>By activating this option, new users added to the group in the directory will be automatically imported into the Open Bee portal and attached to the directory.<\/li>\n<\/ul>\n\n
- Attach an existing user to the directory: <\/strong>By activating this option, if one of the users to be imported is detected as already existing in Open Bee Portal, the user will be modified to be attached to the directory. Thus, the authentication will be carried out in AD and he will be able to benefit from the automatic status update. His email and full name will also be updated. If the option is disabled, the user’s import will be skipped.<\/li>\n<\/ul>\n\n
- Synchronization of the status from the directory:<\/strong> By activating this option, the user’s status in Open Bee Portal will be automatically synchronized with the status in the directory. A user who is deactivated in AD will be automatically deactivated the next day in Open Bee Portal. If you want to deactivate a user in the Open Bee Portal who remains active in the directory, it is possible to change this configuration at any time from the Open Bee Portal user interface.<\/li>\n<\/ul>\n\n
- Use email as username <\/strong>: By activating this option, the user’s ID created will be their email. In the case of an import from LDAP, it is possible to have a different identifier from the email, unlike the Azure AD import which requires the user’s identifier to be the email.<\/li>\n<\/ul>\n\n
- Use email as an identifier:<\/strong> By activating this option, the user’s ID created will be their email. In the case of an import from LDAP, it is possible to have a different identifier from the email, unlike the Azure AD import which requires the user’s identifier to be the email.<\/li>\n<\/ul>\n\n
- Create or update groups associated with users<\/strong>:<\/strong> By activating this option, the groups in which the users selected in this import are present will also be created in Open Bee Portal. Imported users will be associated with these groups. Imported users will be associated with these groups. <\/li>\n<\/ul>\n\n