Clarity required on how Integrated Authentication, AD Authentication works

I have read several posts and OutSystems documentation on Integrated authentication and AD authentication. It is unclear how exactly AD authentication is used with OutSystems Users and roles. We require to implement AD authentication on our current project.

If a user logs in using AD authentcation how does the OutSystems User ID get mapped to the AD account; i.e. in all the cases where we use the UserId, by calling GetUserId(), to save information about the user (for example to save who last modified a record), then what UserId is being returned when GetUserId() is called? The user logged in with AD Authentication, so when was the OutSystems UserId created in the System Users table? Also when was the roles assigned to this user? We have roles in our application and according to this users will see only the screens according to their role, but this is not known to the AD account?

OutSystems documentation is hugely lacking in this regard, not giving any information as to how this is handled. Do we have to implement something ourselves?

Any information as to where we can find out exactly what happens in this case will be greatly appreciated.

.Hi Elize,

You may want to clone the Users eSpace and analyze it, which will answer several of your questions. You may also modify the cloned version and use it to address any requirements that may be missing. E.g. from the Users eSpace, you can see that:

- OutSystems roles are not mapped to AD roles, by default. 

- When a user is successfully authenticated in the AD it is automatically created in OutSystems. The OutSystems username is the same as AD's, and there's no relationship between IDs.

GetUserID() returns the OutSystems User ID.

On OutSystems session start, you can query the AD by username, to find AD roles for the currently logged in user, and map it to OutSystems non-persistent roles:

Thank you João,

The information was helpful. I shall setup some tests.