KanBo External User Groups (Active Directory Integration)
Last modified:
KanBo External User Groups functionality gives you a possibility to import Groups strictly from Active Directory. This functionality allows you also to manage User Groups from Active Directory module - all user changes will be synchronized and applied into KanBo as well as to SharePoint on which KanBo is installed.
User groups allow you to keep users you collaborate with in one place and can be created for any purpose, but they are helpful especially for gathering a group of users connected by a common task or job. They also enable you to add a whole group of users to a desired Board within a few clicks.
Configuration in KanBo
As a first step, you should configure the Job Host plugin within KanBo.
1. Enter your Virtual Machine where KanBo is installed. Go to the KanBo App -> wwwroot folder and enter the web.config.
Make sure that you have the following line added in the web.config. Save this file.
<security-group-sync-source.active-directory />
2. Go to the wwwroot folder and check if you have the AD sync plugin.
Configuration while launching Job Host as a standalone app
You can configure and launch Job Host as a standalone app on your Virtual Machine. Job Host will let you import AD users automatically by configuring the recurrent launch in the Task Scheduler.
In such scenario, you will have the whole control about timing of launching of the application and you can use the right account to launch it (i.e. the one connected to the right AD).
While launching a Job Host as a standalone app, you will be also sure that nothing would stop or disrupt your application from performing it's tasks.
1.Open the extracted KanBo package.
2. Move dll files from folder KanBo.ADSyncPlugin and KanBo.JobHostPlugin and KanBo.UsersAdderPlugin into Kanbo.ConsoleJobHostRunner.
3. Add KanBo.ConsoleJobHostRunner folder on your C disc or to any specific directory.
4. Open the KanBo.ConsoleJobHostRunner.exe.config
5. Start editing it. Firsly, enter your KanBo database connection string (you might copy it from the KanBo web.config).
6. Generate a pair of certificates for the communication purposes. Here's how to do that:
Go to the IIS Server Manager, click on your server and choose Server Certificates. From the menu on the right side choose “Create self-singed certificate”, pick a name for your certificate and follow the next steps to create it. After the certificate has been created save it to a file by following these steps:
- Select -> Click on “Export” -> Follow the steps to save it as a .pfx file in a choosen location (we will use the location later when configuring the app)
- Select -> Click on “View” -> Details -> Copy to file -> Save it as a .cer file in the same location as the .pfx file
- Install certificate to LocalMachine store (DoubleClick it) . Ensure certificate exist under Personal tree using Manage computer certificates (certlm).
If you do not wish to create a Self-signed certificate, you can use this manual to generate certificates using your corporate CA - Creating a pair of authenticating certificates in KanBo.
7. Go to your KanBo directory and add information about certificate in the authentication section.
<auth.app issuer="remote">
<signature algo="rs256">
<cert type="X509SignerFromStore" storename="My"
storelocation="CurrentUser/LocalMachine" key="Thumbprint"
value="{THUMPRINT}" validonly="false" />
</signature>
<mapper type="service"
name="remote service"
roles="service security-group-sync-source users-adder" />
</auth.app>
8. Switch to editing KanBo.ConsoleJobHostRunner.exe.config.
9. Create a job for synchronizing AD groups into KanBo.
<job-host name="external-groups-pipeline" options="log_time(debug) catch">
<job name="external-groups-job" />
<job.security-group-sync-source name="external-groups-job" />
<!-- this adds the actual source of users, another plugins can add custom types -->
<security-group-sync-source.active-directory />
10. Create a job for adding users from AD to KanBo from the previously specified OU. Fill in the path field with your LDAP Query and adjust it to suit your needs.
<job-host name="external-groups-pipeline" options="log_time(debug) catch">
<job name="external-groups-job">
</job-host>
<source type="ad"
path="LDAP://OU=KanBo,DC=DEVELOPER,DC=LOCAL"
filter="(&(objectClass=user)(whenChanged>={yearsago,1}))" />
</job.users-adder>
In case you are using a special (different) domain for your AD, adjust also the domain field after <source type="ad".
domain="{YOUR DOMAIN}"
11.Fill in the following values with your certificate information (the certificate's thumbprint).
<kanbo-api.service
issuer="me"
url="https://kanboapp.example.org:8443">
<signer type="X509SignerFromStore"
storename="My"
storelocation="CurrentUser/LocalMachine"
key="Thumbprint" value="{THUMBPRINT}"
validonly="false" />
</kanbo-api.service>
12. Now you can run KanBo.ConsoleJobHostRunner.exe (run it as administrator in CMD) to check if the job is running correctly and no errors occur.
Create a task in Task Scheduler for Ad sync component
13. Go to the Task Scheduler. Click on Create Task.
14..Set a name, for example "Job Host".
Select "Run only when user is logged or not".
Save these changes.
15.. Go to Triggers section. Click on "New" button.
Select "Daily" and set Repeat Task every 5 minutes (or a higher number of minutes - depending how efficient you would like your Job to perform its tasks of importing AD users).
Save these changes.
16. Go to the Actions section.
Select Action "Start a Program".
Click on Browser and select the KanBo.ConsoleJobHostRunner.exe.
Save these changes.
17. See if task is running correctly in Task Scheduler.
Adding an External User Group to KanBo
When the connection and plugins are fully configured, you can start adding your Active Directory Group as a KanBo External Group.
1. Enter your KanBo. Go to the Users section.
2. Now select the
button and select Manage User Groups.
3. Click on External in User Groups section. While you enter it, you can now also click on + Add User Groups
4. A pop-up will appear. Enter the following data.
Name - name of your User Group
Description - a short description of this Group
External - click on Enable.
You can use three types from a Picker to find and connect your AD Group:
I. Path-based Active Directory - enter a path to your AD Group by modifying the following line with your data : LDAP://CN=sub,OU=two,OU=KanBo,DC=DEVELOPER,DC=local. Select Validate: Enabled to make sure the path or AD Group's name is proper.
II. Group name-based - enter here a name of your AD Group
III. Group picker - choose your Group by name from the picker - please keep in mind that the picker will show you only 100 results. You can search for your group by name using i.e. " k* " to get a list of Groups with a name starting from "k" letter.
Click on Add button to save changes
Managing the User Group
After adding an External User Group, you will be redirected to this User Group's page. You can also enter your Group by entering Users section on the Landing Page -> Users ->Manage User Groups -> External and choosing your Group.
In this section you can enter 4 sub-sections:
- Group Members - here you can see all users added to a User Groups and manage the group. Simply click on
button to see User's Profile, MyBoard or to Remove User from Group.
When your plugins for the External Groups are fully configured, you can also manage (add or remove) group members from the Active Directory Service. After a synchronization, the whole group will be transferred in it's share to KanBo.
- Associated Boards - here you can see all Boards where this User Group is Added.
- Sync Targets - here you can Add Sync targets to a Group and also resync them. This will result in a synchronization of users in SharePoint. You can also remove your Sync Targets from this section. Read more: http://community.kanboapp.com/topics/1144-sync-targets/
- Sync Tasks - here you can see all Sync Tasks connected to a Group and their dates. When you click on a Task, you will be shown with all logs considering adding Users from AD Group to KanBo External User Group or removing them.
Adding a User Group to a Board
Once your Group has been added, you can add a whole group to KanBo Boards at once. Depending in which section you will add your Group, they will be given Board permissions of Board Owners, Members or Visitors.
1. Enter a Board where you would like to add an External User Group to. Go to the Users section.
2. Select the
button and click on Manage Users.
3. Click on User Groups +Add button.
4. Select a Group you would like to add and click on "Add selected" button.
5. Your Group and all it's members have been added to a Board.
Remove an External Group from a Board
Simply enter your Board and click on Users Section. There choose the "Manage users" button. Find your Group in the list. Click on
button and select "Remove from Group". Your Group will be removed from this Board.