Microsoft Active Directory

The Active Directory integration connects to the Microsoft Active Directory (AD) directory service, which provides centralized maintenance of user accounts.

Integration is configured in the configuration file.

After the integration is connected, all users are fully synchronized with AD. The data is then updated periodically according to the setting in the configuration file (by default, daily at midnight).

The primary binding of a user to an AD user is by email match. After that, the user is assigned the AD user's objectGUID, and further synchronization is carried out using this identifier.

User Management

With AD connected, user management is possible only from AD.

The following user account management features are no longer available:

  • Adding

  • Editing

  • Lock and unlock

  • Resend invitation

  • Cancel invitation

In the Users section, the administrator can only view the accounts.

In the Settings section, the administrator cannot access the integration connection and password security settings.

Users cannot edit their own profiles.

To add a user, add them to your AD folder. After the next synchronization, the user account will appear in the Users section with the mark "Waiting" until the user is authorized.

When a user is added to AD, the invitation email is not sent.

If the added user is in several access groups, they are assigned the role with the maximum assigned rights.
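
The binding rule from the introduction (email match first, objectGUID afterwards) and the maximum-rights role rule above, sketched as an added example that is not the product's own code. The role names, group names, record layout and the choice never to re-match an already bound account by email are assumptions.

```python
import uuid
from dataclasses import dataclass
from typing import Optional

# Assumed role ranking, lowest to highest rights (hypothetical role names).
ROLE_RANK = {"viewer": 0, "editor": 1, "admin": 2}

@dataclass
class LocalUser:
    email: str
    role: str = "viewer"
    guid: Optional[uuid.UUID] = None  # None until bound to an AD object

def decode_guid(raw: bytes) -> uuid.UUID:
    # LDAP returns objectGUID as 16 raw bytes, first three fields little-endian.
    return uuid.UUID(bytes_le=raw)

def sync(local_users, ad_entries, group_roles):
    """One synchronization pass: bind by email once, then follow objectGUID."""
    by_guid = {u.guid: u for u in local_users if u.guid is not None}
    # Only unbound accounts are candidates for the email match (assumption).
    unbound = {u.email.lower(): u for u in local_users if u.guid is None}
    for entry in ad_entries:
        guid = decode_guid(entry["objectGUID"])
        mail = entry["mail"].lower()
        user = by_guid.get(guid)
        if user is None:
            user = unbound.pop(mail, None)    # primary binding: email match
            if user is None:                  # no match: new account from AD
                user = LocalUser(email=mail)
                local_users.append(user)
            user.guid = guid
            by_guid[guid] = user
        user.email = mail  # identity is the GUID, so an AD email change carries over
        roles = [group_roles[g] for g in entry["memberOf"] if g in group_roles]
        if roles:          # several groups: keep the role with the most rights
            user.role = max(roles, key=ROLE_RANK.__getitem__)
    return local_users

# Constructed sample data: one AD object seen in two consecutive syncs.
RAW = uuid.UUID("3f2504e0-4f89-11d3-9a0c-0305e82c3301").bytes_le
GROUP_ROLES = {"CN=App-Readers": "viewer", "CN=App-Admins": "admin"}

def demo():
    users = [LocalUser(email="j.doe@example.com")]
    sync(users, [{"objectGUID": RAW, "mail": "J.Doe@example.com",
                  "memberOf": ["CN=App-Readers", "CN=App-Admins"]}], GROUP_ROLES)
    sync(users, [{"objectGUID": RAW, "mail": "jane.smith@example.com",
                  "memberOf": ["CN=App-Readers"]}], GROUP_ROLES)
    return users
```

Because the account is keyed on objectGUID after the first pass, the second sync updates the same account instead of creating a second one when the email changes in AD.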

Authorization and password recovery with connected AD

If integration with AD is configured, then depending on the AD settings:

  • The user is authorized automatically (NTLM authentication);

  • When you go to the authorization page, the browser's built-in login and password prompt is displayed.

If AD integration is configured, password recovery is not available. When you go to the password recovery page, you are redirected to the authorization page where AD is running.
