Configuring Active Directory Authentication

 

You can configure to authenticate the requester login with the active directory (AD). On configuring AD authentication, if there are any changes made in the password made in AD, the same is reflected in ManageEngine IT360 . So the requesters can login using the login name and password of the system.

 

Note: Please ensure that before you start configuring the AD Authentication, you have already imported the requesters. Only if a user account is available in ManageEngine IT360 application, it will authenticate the password for that user account from the active directory. Hence, when none of the users have been imported from the active directory, the authentication cannot be done for the user account.

To configure the Active Directory Authentication

  1. Log in to the ManageEngine IT360 application using the user name and password of a ManageEngine IT360 administrator.

  2. Click the Admin tab in the header pane.

  3. In the Users block, click the Active Directory Authentication icon. Here you can enable or disable active directory authentication. By default the AD authentication will be disabled.

  4. If you have already imported requesters from the any of the domains in your network, then click Enable button.

Even after enabling Active Directory (AD) Authentication, if you would like to bypass the AD Authentication, then in the application login screen, you need to select Local Authentication from the Domain list box after entering the login name and password, and then click Login button to enter ManageEngine IT360.

 

To configure the Pass - through Authentication,

On enabling single sign-on, ManageEngine IT360 directly authenticates your windows system user name and password. Hence you need not login over again to enter into ManageEngine IT360 or remember too many passwords.

ManageEngine IT360 Pass through Authentication uses NTMLV2 which provides better security and validates the credentials using NETLOGON service.

  1. Enabling Active Directory, activates the Pass-through authentication (Single Sign-on) option.

  2. If you like to activate single sign - on, select the Enable Pass-through Authentication (Single Sign-On) option.

  3. You can enable Pass-through authentication for users from a particular domain. To do so, select the Domain Name from the drop down list. Enabled domain should be two way trusted. 

  4. Specify the DNS Server IP of the domain in the provided field.

  5. To use the NTLM security provider as an authentication service a computer account needs to be created in the Active Directory with a specific password. Specify a unique name for the Computer Account and Password for this account.

  6. The Bind String parameter must be a fully qualified DNS domain name or the fully qualified DNS hostname of a particular AD server.

  7. Save the authentication. You will get a confirmation message on the authentication.

If you have not yet imported requesters from any of the domains, you can import them by clicking Import Requesters from Active Directory link. The Import From Active Directory window pops up.

  1. From the list of domains that are listed in the Domain Name combo box, select the domain name in which the active directory from which you wish to import is installed. If the other details such as domain controller name, user name, and password have already been entered in the Domain scan page, then that will be populated automatically. Else enter the name of the domain controller in the Domain Controller Name field, login name and password in the corresponding fields.

  2. You also have an option to select the fields to import from the active directory. The unselected fields will not be imported. This is to avoid over ridding of the new values by the old values from the directory.

  3. Click Import Now !. The import wizard displays the various Organizational Units (OUs) available in that domain. Choose the specific OU from which you wish to import users by selecting the check box beside it.

  4. Click Start Importing. Once the import is complete, the data on how many records were added, how many overwritten, and how many failed to import will be displayed.

Schedule AD import

  1. You have an option to schedule Active Directory import in specified number of days.

  2. Select the Schedule AD import check box. Specify the number of days in the text box. The requester details gets imported automatically once in specified number of days.

  3. Click saveADSync button to be in sync with the active directory.



Copyright © 2013, ZOHO Corp. All Rights Reserved.