Microsoft Active Directory

Active Directory connection

Doc.one can connect to the Microsoft Active Directory (AD) directory service, which provides centralized maintenance of user accounts.

The integration is configured in the Doc.one configuration file.

After the integration is connected, all users are fully synchronized with AD. The data is then updated periodically according to the setting in the configuration file (by default, daily at midnight).

The primary binding of a Doc.one user to an AD user is made by matching email addresses. After that, the Doc.one user is assigned the AD user's objectGUID, and further synchronization is carried out using this identifier.
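The binding order described above, as an added Python illustration that is not Doc.one code. The record shapes, function names and the choice to flag rather than bind when one email address matches several accounts are assumptions.

```python
# Added illustration, not Doc.one code. Record shapes, names and the
# "flag instead of bind" policy for ambiguous matches are assumptions.
from collections import Counter
from dataclasses import dataclass
from typing import Optional

@dataclass
class DocUser:
    email: str
    object_guid: Optional[str] = None  # set once the account is bound to AD

def sync(doc_users, ad_entries):
    """Apply one sync pass; return (action, objectGUID) audit records."""
    audit = []
    by_guid = {u.object_guid: u for u in doc_users if u.object_guid}
    unbound = {}
    for u in doc_users:
        if not u.object_guid:
            unbound.setdefault(u.email.lower(), []).append(u)
    ad_mail_count = Counter((e.get("mail") or "").lower() for e in ad_entries)
    for e in ad_entries:
        guid, mail = e["objectGUID"], (e.get("mail") or "").lower()
        user = by_guid.get(guid)
        if user:                       # bound: objectGUID is the key
            if mail and user.email.lower() != mail:
                user.email = mail      # address change in AD follows the GUID
                audit.append(("email_updated", guid))
            continue
        matches = unbound.get(mail, []) if mail else []
        if len(matches) == 1 and ad_mail_count[mail] == 1:
            matches[0].object_guid = guid   # first binding: email match
            by_guid[guid] = matches[0]
            del unbound[mail]
            audit.append(("bound_by_email", guid))
        elif matches:                  # same address on several accounts
            audit.append(("ambiguous_email", guid))
        else:                          # new AD account, no local match
            new = DocUser(mail, guid)
            doc_users.append(new)
            by_guid[guid] = new
            audit.append(("created", guid))
    return audit

def demo():
    # Constructed sample data; the GUID strings are placeholders.
    users = [DocUser("Alice@Example.com"), DocUser("bob@example.com", "guid-bob")]
    ad = [{"objectGUID": "guid-alice", "mail": "alice@example.com"},
          {"objectGUID": "guid-bob", "mail": "robert@example.com"},
          {"objectGUID": "guid-carol", "mail": "carol@example.com"}]
    return sync(users, ad), users
```

Reviewing the audit records for email-based bindings and ambiguous matches after the first synchronization shows which accounts were linked on the strength of an email address alone.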

User Management

With AD connected, user management is possible only from AD.

The following user account management features are no longer available in Doc.one:

  • Adding

  • Editing

  • Lock and unlock

  • Resend invitation

  • Cancel invitation

In the Users section, the administrator can only view the accounts.

In the Settings section, the administrator cannot access the integration connection and password security settings.

Users cannot edit their own profiles.

To add a user to Doc.one, add them to your AD folder. After the next synchronization, the user account will appear in the Users section with the mark Waiting until the user is authorized.

When a user is added to AD, the invitation email is not sent.

If the added user is in several access groups, they are assigned the role with the maximum assigned rights in Doc.one.

Authorization and password recovery with connected AD

If integration with AD is configured in Doc.one, then depending on the AD settings:

  • The user is authorized automatically (NTLM authentication);

  • When you go to the authorization page, a login and password request window built into the browser is displayed.

If Doc.one is configured with AD integration, password recovery is not available. Going to the password recovery page redirects you to the authorization page, where AD is running.