Skip to main content

Users by applications

The Users by applications screen is the cross-tab that joins the corporate LDAP / Active Directory catalog to each connected application, for the AD departments declared in Settings. One line per (Group, Application, AD department, LDAP user).

It is the source of the per-department Excel export auditors expect — one file per department, one sheet per application, plus a sheet listing all LDAP entries. Open the grid, apply any filter, hit the export button.

At a glance

Nomasx-1 · Security · LDAP · Users by applicationsExport ExcelGROUPAPPLICATIONAD NAMEDEPARTMENTUSER IDSTATUSROLESFINANCEJDE ProdJohn DoeFIN-APJDOEActiveACCT_AP,APPROVERFINANCEJDE ProdMary SmithFIN-APMSMITHActiveACCT_APFINANCEJDE ProdPierre DurandFIN-APSUPPLYJDE ProdAnna KhanSC-OPSAKHANActiveSC_PLANNEREXCEL EXPORTOne file per department, one sheet per application inside, plus one sheet with every LDAP entry as appendix. Filter the grid first, then export — only matching rows ship to the file.

Goal of the view

For each combination of (Group, Application, AD department) defined in Settings:

  • List every AD user in the department, with their corporate identity (name, description, expiration, company, title).
  • Pair each AD user with their source-system account, when one exists — user ID, status, creation, last login, registration and the comma-separated list of roles they carry.
  • Slice the result for export. The grid feeds the Excel export auditors usually request: one file per department, one sheet per application inside, plus an appendix sheet with the full LDAP catalog.

If an AD user has no matched account on the application, the source-system columns stay empty on the row — the row still ships in the export, so the auditor can see that the person is in scope for the department but does not actually hold an account.

Columns

ColumnSourceWhat it tells you
GroupLDAPD_GROUP — text.High-level grouping (Finance, Supply, HR, IT, …) declared in Settings.
ApplicationAPPS_NAME — text.The application the row covers.
AD NameLDAP_NAME — text.Display name of the LDAP user.
AD DepartmentLDAPD_DEPARTEMENT — text.The AD department declared in Settings and matched to the user's department attribute.
AD DescriptionLDAP_DESCRIPTION — text.HR registration / free text used to join the AD user to the source-system account.
AD ExpiresLDAP_EXPIRES — date.When the AD account is scheduled to expire.
AD CompanyLDAP_COMPANY — text.Legal entity from AD.
AD TitleLDAP_TITLE — text.Job title from AD.
User IDUSR_ID — source-system user identifier.The matched source-system account. Empty if the AD user has no account on this application.
User NameUSR_NAME — source-system display name.Display name on the source side.
RegistrationUSR_REGISTRATION — HR matricule on the source side.The value that was used for the join.
StatusUSR_STATUS01 means Active.Source-system status.
Login DateUSR_DT_LOGIN — date.Last authentication on the source system.
Creation DateUSR_DT_CREATION — date.When the source-system account was created.
RolesRLU_ROLE_ID — comma-separated list.Effective role wallet on the source side, alphabetically sorted. Empty if the account holds no role.

Tips & best practices

  • Filter before exporting. Limiting the grid to one Group gives a leaner export — useful when the audit covers a single business area.
  • Sort by Group + Department to read the grid the same way the export file lays it out — easier to verify a row before sending.
  • A row without User ID is not a gap by itself — it simply means the AD user has no account on that application. Whether that is expected is a business judgement, but the row stays in the export so the auditor can confirm it.
  • An AD department missing from the grid means it was not added to Settings. Open the Settings page, add the row, re-run the LDAP scan.