Configuring Active Directory Authentication

SupportCenter Plus gives an option of importing users from Active Directory and enabling Active Directory Authentication. On enabling AD Authentication, the login name and password with its domain will be validated in the Active Directory. Once the login name and password is authenticated in the AD, the Support Rep can login to SupportCenter Plus applications using the AD user name and password on selecting the corresponding domain name.

 

Note: Please ensure that before you start configuring the AD Authentication, you have already imported the users. Only if a user account is available in SupportCenter Plus application, it will authenticate the password for that user account in the active directory. Hence, when none of the users have been imported from the active directory, the authentication cannot be done for the user account.

 

To configure the Active Directory Authentication,

  1. Log in to the SupportCenter Plus application using the user name and password as an administrator.

  2. Click the Admin tab in the header pane. This opens the Configuration Wizard page.

  3. Under the User and Related Settings block, click the Active Directory icon. This opens the Active Directory page. Here you can enable or disable active directory authentication. By default the AD authentication will be disabled.

  4. If you have already imported requesters from the any of the domains in your network, then click Enable button.

Even after enabling Active Directory (AD) Authentication, if you would like to bypass the AD Authentication, then in the application login screen, you need to select Local Authentication from the Domain list box after entering the login name and password, and then click Login button to enter SupportCenter Plus.

 

Configure Pass - through Authentication

 

On enabling single sign-on, SupportCenter Plus directly authenticates your windows system user name and password. Hence you need not login over again to enter into SupportCenter Plus or remember too many passwords.

 

SupportCenter Plus Pass through Authentication uses NTMLV2 which provides better security and validates the credentials using NETLOGON service.

  1. Enabling Active Directory, activates the Pass-through authentication (Single Sign-On) option.

  2. If you like to activate single sign - on, select the Enable Pass-through Authentication (Single Sign-On) option.

  3. You can enable Pass-through authentication for users from a particular domain. To do so, select the Domain Name from the drop down list. Enabled domain should be two way trusted.

  4. Specify the DNS Server IP of the domain in the provided field.

  5. To use the NTLM security provider as an authentication service a computer account needs to be created in the Active Directory with a specific password. Specify a unique name for the Computer Account and Password for this account.

  6. The Bind String parameter must be a fully qualified DNS domain name or the fully qualified DNS hostname of a particular AD server.

  7. Save the authentication. You will get a confirmation message on the authentication.

Upon saving the details, a new computer account will be created on the Active Directory (with the help of VB Script). If the user specifies existing computer accountname, the password specified here will be reset on the Active Directory for the computer account. User can choose to reset the password of computer account by clicking on the Reset Password link as well.

 

Even if there is a problem creating Computer Account or Resetting Password of already created Computer Account using VB script from SCP server(upon save, the script will be called automatically) , the details specified here will be saved and user can execute the script locally on the AD server specifying the same details to create computer account / reset password.

 

If there is an issue with computer account creation, user can specify an already created computer account name and reset password of that computer account with the help of reset password script.

 

Schedule AD import

  1. You have an option to schedule Active Directory import in specified number of days.

  2. Select the Schedule AD import check box. Specify the number of days in the text box. The user details gets imported automatically once in specified number of days.

  3. Click Save Schedule.

ManageEngine SupportCenterPlus - Customer Support Software

Copyright © 2012, ZOHO Corp. All Rights Reserved.