How to map Active Directory Groups to OutSystems Groups without errors?
Application Type
Service Studio Version
11.10.9 (Build 38312)

We configured AD groups to OutSystems groups using Active Directory Group Mapping:

  1. We created the group in the OutSystems Users application and assigned a role to the group.

  2. We mapped the AD group to the OutSystems group.

  3. We changed the login process in our OutSystems applications as described here: https://success.outsystems.com/Documentation/Development_FAQs/How_to_map_Active_Directory_Groups_to_OutSystems_Roles

The first time the user logs in, it works fine. The Active Directory Group Mapping creates the user in the OutSystems Users application and assigns him the role(s) that were defined on the OutSystems group.

At this point, my question is: Shouldn't the role assigned to the user be inherited from the OutSystems group?

After the first login and the user's creation in the OutSystems Users application, every subsequent login causes an exception:

Cannot insert duplicate key row in object 'dbo.ossys_User_Role' with unique index 'OSIDX_OSSYS_USER_ROLE_7USER_ID_7ROLE_ID_9TENANT_ID'. The duplicate key value is (1035, 101, 20).
The statement has been terminated.

The error is being generated on the "CreateOrUpdateUser_Role2" of the "CreateUserRolesFromGroupMappings" action of the ActiveDirectoryRolesCore application:

Thanks in advance.

Rank: #299

Hi pvivacqua,

Could you please confirm what action you are performing with the Advanced SQL named "insert"? Is it inserting into the User_Role entity, or doing some other action? If you are doing an insert using this Advanced SQL and, in the same action, you have also used the CreateOrUpdateUser_Role2 entity action, there might be a possibility that the role first gets assigned to the user through the Advanced SQL and is then assigned/inserted again into the User_Role entity by the CreateOrUpdateUser_Role2 action for the same user?

Thanks & Kind Regards,


Rank: #127

Hi pvivacqua,

One thing that could be part of your problem is that the details of your user account in OS don't seem to fit the requirements in the document you refer to.

I think you have User.Name filled like that right now, but it should probably be User.username instead. Can you try that?