Configuring Active Directory Authentication
Active Directory integration enables you to import user information from the Active Directory server into AssetExplorer. To configure Active Directory authentication, go to Admin > Organization Details > Active Directory.
After you have imported your user details, you can configure authentication details, schedule imports, and sync details of deleted users.
Set Local Authentication Password
Set a default local authentication password for users imported through AD. From Security Settings, you can require users to update this password after their first login.
You can either have a random password generated for each user or set a predefined password for all users. Ensure the predefined password meets all the requirements of the password policy.
Import Users from Active Directory
AssetExplorer automatically fetches all the Windows Domains in your network, allowing you to import users from Active Directory instantly.
While importing users, you can also import their details and any additional information from AD. Click Import Users and follow these steps:
- Select the domain to import users from the Domain Name drop-down. If you have already provided the Domain Controller and login credentials for a Domain in Windows Domain Scan, then selecting that Domain will auto-populate the Domain Controller and login credentials.
- Specify the Domain Controller details.
- Enter the Login Credentials.
- Toggle the LDAP SSL field ON to enable secure communication between AssetExplorer and Active Directory via port 636. Ensure your Active Directory supports SSL before enabling this field.
- Select the user fields to be imported from the Active Directory and specify the field name configured in the Active Directory beside the selected field to map them.
- If you have configured user additional fields in AssetExplorer, you can select the UDF fields. Specify the field name configured in the Active Directory beside the selected field. You can refer to the following table for an example:
- If the site associated with the user/department is changed in the Active Directory, then the assets belonging to the user/department should also be moved to the new site. To update this information on every import, select Move associated assets.
- Update <empty> values: Enable this option to import and update <empty> data from Active Directory. For example, with this option enabled, user data with First Name: Admin changed to First Name: <empty> in Active Directory will be updated in the application. If this option is disabled, the First Name: <empty> data will not be updated and the old values will be retained.
- Click Next.
- Select the Organizational Units (OUs) or AD groups from where the users must be imported.
- To select OUs, enable the OU check box. The OUs present in the domain will be listed. You can select the OUs to be imported.
- To select AD groups, enable the Group check box. Enter the sAMAccountName of the groups in the text box as comma-separated values.
Note: If both OUs and groups are selected, the users present in both the OUs and groups will be imported.
- Click Import Now. To import later, select Save and Import in Schedule.
| Field Name | Field Type | Attribute Name in Active Directory | Description |
|---|---|---|---|
| Email Address | Text | | Email Address of the user |
| Country Code | Numeric | countryCode | Country Code of the user |
The results of both Import Now and Save and Import in Schedule will be notified to SDAdmins through bell notifications. Note that for scheduled import, the user information imported depends on the type of import schedule configured under Import Schedule.
The imported users are listed in the users list view under Admin > Users. You can perform further actions on the imported users from the users list view.
NOTE:
1. On every import, the existing user data will be overwritten.
2. The numeric additional fields hold up to 19 digits. If your numeric value exceeds 19 digits, configure the value in a text field.
3. Invalid group names will be notified to SDAdmins along with the results of the current import and also as a banner during the subsequent import.
4. If the users are imported by selecting both OUs and groups, the imported users' count will be tracked separately for OUs and groups. For users present in both OU and group, the count will be added twice.
5. The total user count for both the selected OU and group will be notified to SDAdmins via bell notifications.
6. You can import up to 5000 groups from the AD.
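Before turning on the LDAP SSL toggle in the import steps above, you can confirm that the domain controller answers on port 636 with a certificate that chains to a trusted CA, names the host you entered, and is not about to expire. The script below is an added example, not part of AssetExplorer; the host name dc01.corp.example, the optional CA file, and the 30-day warning window are assumptions.

```python
import socket
import ssl
import time

# Constructed sample in ssl.SSLSocket.getpeercert() format (not a real certificate).
SAMPLE_CERT = {
    "subjectAltName": (("DNS", "dc01.corp.example"),),
    "notAfter": "Jun  1 12:00:00 2025 GMT",
}

def cert_findings(cert, dc_host, now=None, warn_days=30):
    """Return problems with a DC certificate; an empty list means none found."""
    now = time.time() if now is None else now
    findings = []
    names = [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    host = dc_host.lower()
    wildcard = "*." + host.split(".", 1)[-1]  # e.g. *.corp.example
    if host not in names and wildcard not in names:
        findings.append("hostname not in subjectAltName: " + ", ".join(names))
    days_left = int((ssl.cert_time_to_seconds(cert["notAfter"]) - now) // 86400)
    if days_left < 0:
        findings.append("certificate expired %d days ago" % -days_left)
    elif days_left < warn_days:
        findings.append("certificate expires in %d days" % days_left)
    return findings

def check_ldaps(dc_host, port=636, cafile=None, timeout=5):
    """Handshake with the LDAPS port; returns (tls_version, findings)."""
    # The default context verifies the chain and the host name; cafile is an
    # optional PEM file for an internal CA (assumption: exported by you).
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        with socket.create_connection((dc_host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=dc_host) as tls:
                return tls.version(), cert_findings(tls.getpeercert(), dc_host)
    except ssl.SSLCertVerificationError as exc:
        return None, ["certificate not trusted: " + exc.verify_message]
    except OSError as exc:  # refused, timed out, or TLS handshake failure
        return None, ["LDAPS not reachable on port %d: %s" % (port, exc)]

if __name__ == "__main__":
    # Offline demonstration on the constructed sample, 12 days before expiry.
    now = ssl.cert_time_to_seconds("May 20 12:00:00 2025 GMT")
    print(cert_findings(SAMPLE_CERT, "dc01.corp.example", now=now))
    # Live check (hypothetical host): print(check_ldaps("dc01.corp.example"))
```

Run the live check from the AssetExplorer server so that it follows the same network path as the import.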
Set an Import Schedule
Schedule Active Directory import at periodic intervals. Users and user details from all the domains available in the application are synced to AssetExplorer in two ways:
- Full Sync - Updates all user information during every schedule.
- Delta Sync - Updates the differences in the data every 30 minutes. This will reduce the necessity of frequent full sync updates.
To configure an import schedule:
- Hover over Import Schedule fields and click Edit.
- Enable the Schedule AD import once in every option and specify the import period. You can also specify the date and time to begin the schedule.
- Click Save.
The user details from the domains will be imported periodically as per the number of days specified after the start date and time.
Sync Deleted Users
Sync details of deleted users from Active Directory to AssetExplorer. After the sync is completed, a list of deleted users is displayed. You can remove the deleted users from the list manually or automatically, and you can schedule the syncing of deleted users.
- Hover over the Sync Deleted User(s) from Active Directory check box and click Edit.
- You can choose to remove deleted users automatically from AssetExplorer or to manually remove the users by choosing them from the list. Note that deleted technicians cannot be removed automatically.
- Enable the Schedule delete sync once in every option and specify the sync period. You can also specify the date and time to begin the syncing of deleted users.
- Click Save.
If manual delete is enabled, the deleted users list will be displayed as a note on the top of the Active Directory configurations page. Use the links in the note to remove the deleted users from AssetExplorer.
Note:
- If sync is disabled for deleted users, the deleted user details from AD will not be imported to AssetExplorer during manual or scheduled import.
- If the deleted users are configured on a manual or scheduled import, a bell notification will be sent to SDAdmins in non-ESM setups and to SDOrgAdmins in ESM setups.
Active Directory Authentication
Authenticate users logging into AssetExplorer via Active Directory.
Enter Active Directory Credentials during Login: Allow users to log in to AssetExplorer using their Active Directory credentials.
- Hover over the Active Directory Authentication fields and click Edit.
- Select the Enable Active Directory Authentication checkbox.
- Click Save.
In the login screen, the users can specify their Active Directory login credentials and select the Domain to log into AssetExplorer. They can also bypass AD authentication during login by selecting Local Authentication from the Domain drop-down and specifying the local credentials. After enabling AD authentication, users can be added dynamically during login if proper credentials are used. Ensure that the domain details and attributes are configured in the Import Users pop-up at least once for AD authentication and dynamic user addition to function properly.