
Integrating Active Directory & Importing Users

 

DeviceExpert can integrate with the Active Directory in your environment and import users from it. Users who have logged into the Windows system using their domain account can be allowed to log in to DeviceExpert directly (without a separate DeviceExpert login).

There are four steps involved in importing users from AD and assigning them the necessary roles and permissions in DeviceExpert. Follow the steps detailed below:

Step 1  - Importing Users

The first step is to provide credential details and import users from AD. DeviceExpert automatically gets the list of domains present under the "Microsoft Windows Network" folder of the server on which DeviceExpert is running. You need to select the required domain and provide domain controller credentials.

 

To do this,

 

 

In the UI that pops-up,

 

 

Step 2  - Assigning Roles

All the users imported from AD will be assigned the 'Operator' role by default. To assign specific roles to specific users,

 

Step 3   -  Enabling Authentication

The third step is to enable AD authentication. This allows your users to use their AD domain password to log in to DeviceExpert. Note that this scheme works only for users who have already been imported into the local database from AD.

 

Note: Make sure you have at least one user with the 'Administrator' role, among the users imported from AD.

Step 4  -  Enabling Single SignOn

Users who have logged into the Windows system using their domain account need not separately sign in to DeviceExpert, if this setting is enabled. For this to work, AD authentication should be enabled and the corresponding domain user account should have been imported into DeviceExpert.

 

For Single SignOn, DeviceExpert makes use of a third-party library named 'Java Enterprise Security Provider Authority' (Jespa), which provides advanced integration between Microsoft Active Directory and Java applications. The Jespa NTLM security provider validates credentials using the NETLOGON service, just as a Windows server does.

 

To facilitate this, a Computer account must be created with a specific password, which will be used as a service account to connect to the NETLOGON service on an Active Directory domain controller.

 

That means DeviceExpert requires a computer account in the domain controller to perform the authentication (a computer account must be available or created; a regular user account will not work).
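One way to create such a computer account with a known, randomly generated password, shown as an added example that is not part of the original DeviceExpert documentation. It assumes the ActiveDirectory PowerShell module (RSAT) is available and that you have rights to create computer objects; the account name and OU are hypothetical placeholders.

```powershell
# Added example: the account name and OU below are placeholders (assumptions),
# not values taken from the DeviceExpert documentation.
Import-Module ActiveDirectory

$AccountName = 'DEVEXP-SSO'                            # hypothetical name (NetBIOS limit: 15 characters)
$TargetOU    = 'OU=ServiceAccounts,DC=example,DC=com'  # hypothetical OU in your domain

# Generate the password from a cryptographic random source (24 bytes -> 32 Base64 characters).
$bytes = New-Object byte[] 24
$rng   = [System.Security.Cryptography.RandomNumberGenerator]::Create()
$rng.GetBytes($bytes)
$rng.Dispose()
$plainPassword  = [Convert]::ToBase64String($bytes)
$securePassword = ConvertTo-SecureString -String $plainPassword -AsPlainText -Force

# Create a computer object (not a user object) with that password.
# The sAMAccountName of a computer account ends with '$'.
New-ADComputer -Name $AccountName `
               -SamAccountName ($AccountName + '$') `
               -Path $TargetOU `
               -AccountPassword $securePassword `
               -Enabled $true `
               -Description 'Service computer account for NETLOGON validation (SSO)'

# Confirm the object exists, is enabled, and has a password set.
Get-ADComputer -Identity $AccountName -Properties Enabled, PasswordLastSet |
    Select-Object Name, SamAccountName, Enabled, PasswordLastSet, DistinguishedName

# Display the password once so it can be recorded in a password vault and
# supplied when configuring Single SignOn; do not write it to a file or log.
Write-Host "Computer account: $AccountName`$"
Write-Host "Password:         $plainPassword"
```

Keep this account dedicated to the NETLOGON validation role and place it in an OU where only administrators can reset its password.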

 

To enable Single SignOn,

 

 

The IE browser supports this by default. Follow the instructions below to get this working in Firefox:

 

 


2011, ZOHO Corp. All Rights Reserved.