Integrating Active Directory with Decisions

Overview

Active Directory is a Microsoft directory service that manages domains, users, objects, and devices within a network. In Decisions, Active Directory can be used to sync users, computers, and groups into the Decisions Portal account base. Decisions can then use these accounts from the Active Directory Server as Decisions Accounts without manually adding each account individually. Decisions can also use different components of these accounts to enable features such as SSO (Single Sign-On).  

A few key points of syncing to Active Directory are as follows:

• Active Directory Sync Jobs only fetch users & groups from Active Directory. This is a one-way sync where account/user/group information from Active Directory is stored in Decisions.
• Information about organization units is not synced into Decisions.
• For users, Decisions retrieves all the personal information (First Name, Last Name, etc.) and all the contact information (Address, Phone Numbers, Emails, etc.) from Active Directory to Decisions.
• When a user is deactivated in Active Directory, they will be deactivated in Decisions. 

Below are some examples of how Active Directory can is used when integrated into an instance of Decisions.

Active Directory Server Authentication

Used to authenticate users or machines AD (Active Directory) credentials to sign in to Decisions. AD accounts cannot be edited in Decisions, but they can be used to access the Decisions Portal. and used for other purposes such as Assignments and Groups. To do this, specific steps must be performed for Decisions to start Authentication with AD accounts.

For further instructions on AD Server Server Authentication, click here.

Active Directory Sync Job

Once AD Server Authentication is configured, AD Sync Jobs can be performed. This will allow the Automatic Creation of AD accounts signed into Decisions by running a scheduled Sync Job from Decisions to the AD Server. The Sync will then pull information from the selected AD Domain that is configured during the Server Authentication. Depending on the choices selected, users can sync specified data (Groups, Accounts, Organizations, etc.) or sync all these elements by choosing to sync from the Entire Domain.

For further instructions on how to perform an AD Sync Job, click here.

Enabling Single Sign-On with Active Directory 

This will enable Single Sign-On for Accounts sourced by AD when logging into the Decisions Portal. The accounts would not have to log in, and the credentials that are provided by AD will be used as Decisions credentials.

For further instructions on how to Enable Single Sign-on with AD Accounts, click here.