Integrating Active Directory with Decisions
  • 22 Jan 2024


Overview

Active Directory (AD) is a Microsoft directory service that manages domains, users, objects, and devices that operate within a network. Active Directory can be used to sync users, computers, and groups into the Decisions Portal account base. Accounts synced from the Active Directory Server can then be used as Decisions accounts without adding each one manually.

A few key points of syncing to Active Directory are:

  • Active Directory Sync Jobs only fetch users and groups from the Active Directory Server. This is a one-way sync in which account, user, and group information from Active Directory is stored in Decisions.
  • Information about organization units is not synced into Decisions.
  • For users, Decisions retrieves all the personal information (First Name, Last Name, etc.) and the contact information (Address, Phone Numbers, Emails, etc.) from Active Directory.
  • When a user is deactivated in Active Directory, that user will be deactivated in Decisions. 
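
The deactivation behaviour described above can be checked from outside the product. This added example (not Decisions code) compares a directory export with an application account export and reports accounts that are still active after AD disabled or no longer lists them. The application export fields `login` and `active` and all sample data are assumptions; `userAccountControl` bit 0x2 is AD's disabled flag.

```python
# Added illustration: audit a one-way AD sync for deactivation drift.
# The application-side export format (login, active) is hypothetical.

ACCOUNTDISABLE = 0x0002  # userAccountControl flag for a disabled AD account


def normalize_login(login):
    """Strip an optional DOMAIN\\ prefix and case-fold for comparison."""
    return login.rsplit("\\", 1)[-1].strip().casefold()


def find_sync_drift(ad_users, app_accounts):
    """Return app accounts still active although AD disabled or lacks them."""
    ad_state = {}
    for entry in ad_users:
        name = normalize_login(entry["sAMAccountName"])
        uac = int(entry["userAccountControl"])  # exports often carry strings
        ad_state[name] = bool(uac & ACCOUNTDISABLE)

    findings = {"disabled_in_ad": [], "missing_in_ad": []}
    for account in app_accounts:
        if not account["active"]:
            continue  # already deactivated downstream, nothing to report
        name = normalize_login(account["login"])
        if name not in ad_state:
            # May be a legitimate local account; listed for manual review.
            findings["missing_in_ad"].append(account["login"])
        elif ad_state[name]:
            findings["disabled_in_ad"].append(account["login"])
    return findings


# Constructed sample data (not from a real directory).
SAMPLE_AD = [
    {"sAMAccountName": "alice", "userAccountControl": 512},      # enabled
    {"sAMAccountName": "bob", "userAccountControl": 514},        # 512 | 2
    {"sAMAccountName": "carol", "userAccountControl": "66050"},  # disabled
]
SAMPLE_APP = [
    {"login": "CORP\\alice", "active": True},
    {"login": "CORP\\Bob", "active": True},
    {"login": "CORP\\carol", "active": False},
    {"login": "CORP\\dave", "active": True},
]

if __name__ == "__main__":
    for kind, logins in find_sync_drift(SAMPLE_AD, SAMPLE_APP).items():
        print(kind, logins)
```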

Below are some examples of how Active Directory can be used when integrated into Decisions.

Active Directory Single Sign-On is no longer present in Active Directory integrations in v8.
Users cannot set up Active Directory Sync simultaneously with Single Sign-On (via the SAML and OpenID Modules). Doing so will cause an error and will require users to reset their sign-on setup.

Active Directory Server Authentication

Active Directory Server Authentication is used to authenticate user or system Active Directory credentials for logging in to Decisions. AD accounts cannot be edited in Decisions but can be used to access the Portal and for other purposes such as Assignments and Groups. Specific steps must be performed before Decisions can start authenticating with AD accounts.


Active Directory Sync Job

Once AD Server Authentication is configured, AD Sync Jobs can be performed. AD Sync Jobs allow the automatic creation of AD accounts that have logged into Decisions by running a Scheduled Sync Job against the AD Server. The Sync will pull information from the selected AD Domain provided in the Server Authentication. Depending on the options selected, users can sync specified data (Groups, Accounts, Organizations, etc.) or sync all elements by choosing to sync from the Entire Domain.


Active Directory Setup in Containers

To learn more about containers, refer to the Containers Overview article.

The Active Directory module might fail to authenticate via LDAP/LDAPS to the Active Directory domain when running in Containers. To prevent authentication failure, follow these steps while setting up an AD server.

  • Active Directory in containers does not support Create User Advanced and Set Password steps. For more information, refer to Active Directory Module Steps.
  • Containers are Linux-based environments that require a domain name prefix for login. When adding servers, make sure to disable the "Use No Login Prefix" setting in the server settings. This will ensure that users are prompted to enter the login prefix when logging into the environment (domainName\userName).


For further information on Active Directory, visit the Decisions Forum.
