snipe / snipe-it

A free open source IT asset/license management system
https://snipeitapp.com
GNU Affero General Public License v3.0
11.21k stars 3.2k forks

User Account Features #11983

Open jmartins1 opened 2 years ago

jmartins1 commented 2 years ago

Is your feature request related to a problem? Please describe.

  1. Synced user accounts from Active Directory. Name changes in Active Directory cause the creation of a new account in SnipeIT instead of updating the existing SnipeIT account.

  2. Accounts in SnipeIT remain after Active Directory account has been removed.

  3. Unable to configure SnipeIT to ignore the import of unwanted accounts from Active Directory.

  4. Having to manually assign permissions/roles.

Describe the solution you'd like

  1. Please consider importing the SID or other identifier that SnipeIT can use to compare existing SnipeIT account with updated Active Directory account. Allow the SnipeIT account to be updated.

Or

  1. Provide a method to safely change the SnipeIT user information in the database.

  2. Please consider an option to allow the removal of sunset Active Directory accounts from SnipeIT. Allow SnipeIT to compare account information based on SID or other information to determine if an account has been removed from Active Directory. If so, and the admin has (a.) Checked an option to automatically remove sunset accounts and (b.) the account does not have assets, delete the account. If the account does have assets assigned, notify the admin to manually resolve.

  3. Provide a method to prevent identified LDAP accounts from being imported during sync. Possibly based on a security group membership in Active Directory. This may also be a good option to allow or prevent account deletions in the previous answer (number 2 above).

  4. Please consider allowing the admin the ability to create a security group in Active Directory and use it within SnipeIT to assign users permissions/roles. The admin would assign the user within Active Directory to a security group; when imported by SnipeIT, the user would receive the appropriate roles/permissions.

Describe alternatives you've considered

N/A

Additional context

N/A

CrypNZ commented 2 years ago

1 - Full support, think that it should import a unique identifier such as the SID, like you mentioned.

2 - Some solution would be nice, I'd prefer if there was a flag for AD disabled accounts so you could easily run a report on assets assigned to disabled users but that works better with my workflow - anything would be great.

3 - I have quite a specific OU import structure so I have no need for this but can understand others' requirements for this.

4 - Full support again, I'd love to assign admin permissions from AD so we can copy IT accounts and not have to touch the SnipeIT side.
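The reconciliation requested in this issue, sketched as an added example that is not part of the thread and is not Snipe-IT code: accounts are matched on the directory SID instead of the name, scoped by a security group, given roles from group membership, and deprovisioned when they disappear from the directory. The record fields, group names, role map and SIDs are constructed assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class DirUser:                 # one entry from the directory query (assumed shape)
    sid: str                   # objectSid: stays the same when the account is renamed
    username: str
    groups: set

@dataclass
class LocalUser:               # hypothetical local account record, not Snipe-IT's schema
    sid: str
    username: str
    assets: int = 0
    roles: set = field(default_factory=set)
    active: bool = True

def reconcile(directory, local, import_group, role_map, auto_remove=False):
    """Sync local accounts to the directory, keyed on SID. Returns (accounts, actions)."""
    in_scope = [d for d in directory if import_group in d.groups]  # others never imported
    by_sid, actions, seen = {u.sid: u for u in local}, [], {d.sid for d in in_scope}
    for d in in_scope:
        roles = {role_map[g] for g in d.groups if g in role_map}   # roles come from groups
        u = by_sid.get(d.sid)
        if u is None:
            by_sid[d.sid] = LocalUser(d.sid, d.username, roles=roles)
            actions.append(("create", d.username))
            continue
        if u.username != d.username:          # rename: update in place, no duplicate
            actions.append(("rename", f"{u.username}->{d.username}"))
            u.username = d.username
        u.roles, u.active = roles, True
    for sid in [s for s in by_sid if s not in seen]:
        u = by_sid[sid]
        u.active, u.roles = False, set()      # gone from the directory: revoke access first
        if u.assets:
            actions.append(("review", u.username))   # assets assigned: admin resolves manually
        elif auto_remove:
            del by_sid[sid]
            actions.append(("delete", u.username))
        else:
            actions.append(("disable", u.username))
    return by_sid, actions

def demo():  # constructed sample data
    p = "S-1-5-21-0-0-0-"
    directory = [DirUser(p + "1001", "jane.smith", {"SnipeIT-Users", "SnipeIT-Admins"}),
                 DirUser(p + "1004", "svc.backup", {"Domain Users"}),
                 DirUser(p + "1005", "new.hire", {"SnipeIT-Users"})]
    local = [LocalUser(p + "1001", "jane.doe", assets=2),
             LocalUser(p + "1002", "left.with.laptop", assets=1, roles={"admin"}),
             LocalUser(p + "1003", "left.clean")]
    return reconcile(directory, local, "SnipeIT-Users", {"SnipeIT-Admins": "admin"}, auto_remove=True)
```

Calling `demo()` returns the resulting accounts and the ordered action list; accounts that hold assets are only deactivated and queued for review, never deleted automatically.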