Integrating Active Directory with Decisions
  • 01 Mar 2021
  • 1 Minute to read
  • Dark
    Light

Integrating Active Directory with Decisions

  • Dark
    Light

Overview

Active Directory is a Microsoft directory service that manages domains, users, objects, and devices that operate within a network. Active Directory can be used to sync users, computers, and groups into the Decisions Portal account base. Decisions can then use these accounts from the Active Directory Server as Decisions Accounts without manually adding each account individually. 

A few key points of syncing to Active Directory are as follows:

  • Active Directory Sync Jobs only fetch users & groups from Active Directory. This is one-way sync where account/user/group information from Active Directory is stored in Decisions.
  • Information about organization units is not synced into Decisions.
  • For users, Decisions retrieves all the personal information (First Name, Last Name, etc.) and also all the contact information (Address, Phone Numbers, Emails, etc.) from Active Directory to Decisions.
  • When a user is deactivated in Active Directory, he/she will be deactivated in Decisions. 

Below are some examples of how Active Directory can is used when integrated into an instance of Decisions.

Users cannot set up Active Directory Sync simultaneously with Single Sign-On (via the SAML and OpenID Modules). Doing so will cause an error and will require users to reset their sign-on setup.

Active Directory Server Authentication

Used to authenticate users or machines AD (Active Directory) credentials to sign-in to Decisions. AD accounts cannot be edited in Decisions, but they can be used to access the Decisions Portal. and used for other purposes such as Assignments and Groups. There are specific steps that must be performed to do this for Decisions to start Authentication with AD accounts.

Active Directory Sync Job

Once AD Server Authentication is configured, AD Sync Jobs can be performed. This will allow the Automatic Creation of AD accounts that have signed into Decisions by running a scheduled Sync Job from Decisions to the AD Server. The Sync will then pull information from the selected AD Domain provided in the Server Authentication. Depending on the choices selected, users can sync specified data (Groups, Accounts, Organizations, etc.) or sync all these elements by choosing to sync from the Entire Domain.


Was this article helpful?