The  can be configured to support the use of groups for users. 



Enable and configure SSO

You must enable and configure one of the supported SSO integration methods. 

Configure platform

Please review and set the following platform settings.


  1. Locate the following settings and apply values as needed:

    "feature.groups.enabled"Set this value to true to enable use of LDAP groups in the platform.

    Set this value to the LDAP search result parameter containing the value to be used as the name of a group in the . This value must have unique values, since groups in the must have unique names.

    Tip: "cn" is a good choice.

    "feature.groups.ldapServers"(optional) An array of parameters, listing LDAP servers to use for synching of groups. If this parameter is not specified, then the LDAP server specified in the parameter webapp.ldap.server is used for synching.

    (optional) You must provide at least one search filter string to use to query the LDAP servers for groups. The following example searches for all groups named foo and bar. In the UI:


    If editing this parameter through , this value must be stored as an array with appropriate syntax:



    A search filter doesn't need to use the ou parameter. Any valid LDAP search filter can be used.

    Each search filter must include parentheses at the beginning and the end.

    Each filter string is expected to return a single item. If the search results include multiple items, only the first item is used.

    If this value is empty, no groups are synched.

  2. Save your changes and restart the platform.

Create users

All users must be created in the 

NOTE: The email address for the user in the must match the LDAP email attribute.


After the platform users and groups have been synched with the LDAP identity provider:

Sync Users and Groups via API

You can use the following endpoint to sync the platform with the configured LDAP servers for their groups.

NOTE: This endpoint must be triggered using an admin account.

Request Body


Response Status Code200 - OK
Response Body

The response body contains the list of groups that have been added or removed based on the synching:

    "data": [
            "ldap": "LDAP://",
            "updatedGroups": [
                    "id": 55,
                    "members": [
                            "id": 94,
                            "email": "",
                            "name": "Guest Number One"
                            "id": 95,
                            "email": "",
                            "name": "guest2 NumberTwo"
                    "name": "deptGRP1"
            "deletedGroups": [
                    "id": 54,
                    "name": "deptGRP2"

cURL example:

curl -X POST \ \
  -H 'authorization: Basic <auth_token>' \
  -H 'cache-control: no-cache'

Testing - Share Flows and Connections