Setting up Active Directory (AD) Server Authentication
- Updated on 05 Mar 2019
Warning: This requires appropriate technical resources on the client's side to implement. We recommend making sure someone from your organization with experience is available to streamline the process. Our support team is available to help, but may not be able to answer questions or solve problems that are unique to your company.
An Active Directory (AD) server can be used to synchronize users, computers, groups, or organizational units to the Portal's account base. An account can either be a person or a machine. When an AD account is used, the account's AD credentials are authenticated to gain access to the portal. For data integrity purposes, AD accounts cannot be edited in the Portal (using reset password, for example). Accounts are used for access to the Portal, and can be used for Service Desk and workflow assignments and so forth.
AD authentication can be passed through to the Portal if the AD environment requirements are met; once a user has logged in to his/her client machine, no login is required when the Portal is launched. Click here to access the AD environment requirements for single sign-on.
It is recommended that you have the domain name, default email domain, and the user name and password for the active user you will use to connect to AD before you begin. The user used in the Portal to connect to AD does not have to be an administrator in AD. The user can be a basic "Domain User" in AD. The actual permission needed (usually granted by default to a basic user) is the "List Contents" permission. For more information, see Microsoft article 320528.
In the Folders tree, select System > Settings.
Select Active Directory Settings from the grid.
In the Edit Active Directory Settings screen, it is recommended to leave the Auto Sign In checkbox selected. When Auto Sign-In is enabled, accounts will be automatically signed in based on the AD credentials used to log in to the machine.
To configure a new AD server, click the Add New button for the Servers field.
The Edit Object popup presents you with portal, synchronization, and server settings. Although portal settings are optional, all server settings are required and you must select a synchronization option. The three settings sections are explained below.
Select the Auto Create Users on Initial Login checkbox to allow a user immediate access to the portal as soon as the account is created in the AD server. The user will not have to wait for the next sync cycle to log in using AD. Once the user logs in to the portal, the AD account is added to the portal's account base.
Select the Sync Only Users checkbox if only users should be synchronized to the portal's account base. Groups, organizational units, and computers within the AD will not synchronize to the portal's account base.
In the Default Groups field, provide the Portal groups to which the synced AD accounts will belong; for example, the default All Users group. Note that you must type out the name of the group manually, and that you must add only one group per line. This group must already exist in the Portal as well.
All fields are required. It is recommended you have the domain name, default email domain, user name for an account with admin rights, and password information before you begin.
In the Synchronization Options drop-down list:
- Select the Entire Domain option to synchronize everything in AD to your portal account base, including users, groups, and organizational units. If the Sync Only Users checkbox is selected, then only users within the domain will be synced. Use this option with caution.
- Select the Selected Org Units option to select specific organizational units. When selected, only those org units will be synchronized to the portal's account base.
- Select the Selected Groups option to synchronize only the selected AD groups.
When complete, click OK to save the settings.
Click OK to close the Edit AD Settings screen.
In order to synchronize with the AD server, it is necessary to create an AD Sync Job. For more information on accounts and AD Server and how they interact with other modules, please refer to the related videos listed below.
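The following pre-flight check is an added example, not part of the Portal or its vendor's tooling. Run it before entering the connection details above to confirm that the account you plan to use can bind and list directory contents, and to see how many objects each synchronization scope would pull in. It assumes the RSAT ActiveDirectory PowerShell module is installed; the domain name and search base are placeholders.

```powershell
# Added example: verify the AD bind account and measure the sync scope.
# Requires the RSAT ActiveDirectory module. Server and SearchBase are placeholders.
Import-Module ActiveDirectory

$Server     = 'corp.example.com'            # placeholder: your domain name
$SearchBase = 'DC=corp,DC=example,DC=com'   # domain root, or one OU's DN for "Selected Org Units"
$Cred       = Get-Credential -Message 'Account the Portal will use to connect to AD'

function Get-SyncScopeCount {
    param(
        [string]$Server,
        [string]$SearchBase,
        [pscredential]$Credential
    )
    # Same bind, same subtree, one query per object class the sync can import.
    $common = @{
        Server      = $Server
        SearchBase  = $SearchBase
        Credential  = $Credential
        Filter      = '*'
        ErrorAction = 'Stop'   # turn bind and permission failures into catchable errors
    }
    [pscustomobject]@{
        SearchBase = $SearchBase
        Users      = @(Get-ADUser @common).Count
        Groups     = @(Get-ADGroup @common).Count
        Computers  = @(Get-ADComputer @common).Count
        OrgUnits   = @(Get-ADOrganizationalUnit @common).Count
    }
}

try {
    # With "Sync Only Users" selected, only the Users count applies.
    Get-SyncScopeCount -Server $Server -SearchBase $SearchBase -Credential $Cred | Format-List
} catch {
    Write-Error "Bind or enumeration failed for $($Cred.UserName): $($_.Exception.Message)"
    return
}

# The connecting account only needs to be a basic Domain User.
# Warn if it directly holds a privileged group membership (nested groups are not expanded).
$sam        = ($Cred.UserName -split '\\')[-1] -replace '@.*$'
$privileged = 'Domain Admins', 'Enterprise Admins', 'Administrators'
$held = Get-ADPrincipalGroupMembership -Identity $sam -Server $Server -Credential $Cred |
    Where-Object { $privileged -contains $_.Name }
if ($held) {
    Write-Warning "$sam is a member of: $($held.Name -join ', ')"
}
```

Rerun it with an organizational unit's distinguished name as the search base to compare the Selected Org Units scope against the Entire Domain scope.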