Mappings between groups/users defined within an Axon.ivy Project to an Active Directory CN must be defined on the Axon.ivy Engine serving the workflow app.
In the Engine Cockpit, roles can be defined with an 'external security name' reference. So once roles are linked to the Active Directory like this, they are fully under the control of the AD administrator.
https://dev.axonivy.com/doc/8.0/engine-guide/tool-reference/engine-cockpit/security.html#role-detail
Basically, these role/user mappings live in the system database of the Axon.ivy Engine. So I think you have to define it once on the server. Many other security system configurations can be defined in files: see https://dev.axonivy.com/doc/8.0/engine-guide/configuration/files/ivy-securitysystem-yaml.html#ivy-securitysystem-yaml