Integration with Active Directory
When setting up AD integration for the first time, we recommend that you disable the "Users - User was added after import" and "Users - User information was updated after import" email templates to avoid unwanted emails.
Required fields:
Domain Controllers - IP or domain of the AD server
Base DN - AD basic DN in the format “ou=MainOU,dc=domain,dc=com”
Admin Username - user name for authorization in AD
Admin Password - user password for authorization in AD
Optional fields:
Use egress traffic proxy - Read more
Member of - optional filter by group for automatic import of users, the format is the same as for "Base DN"
Auth By - the field in Collaborator that will be used to search for users for authorization. Possible values: login, email. Default value: login.
Find By - The field in AD where the user will be searched if he or she is not in Collaborator. Default value: samaccountname
Append base dn - value appended to the user's login before authenticating to AD. For example, if a user tries to log in with my-login, and the Append base dn parameter is set to domain.com, Collaborator will try to authenticate to AD using my-login@domain.com
SSL - the option is required when the server requires SSL.
Filter by object type - specify a general filter to filter out service accounts and select only active AD users.
Filter - selects the users you want, for example, all users who have an email at domain.com.
Setting fields - configuration for matching fields from AD to fields in the system, with default values (LMS fields on the left, AD fields on the right). By default, the required fields are: secondname, firstname, login, email. Other fields can be added as needed.
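The Python code below is an added example, not part of Collaborator: it builds filter strings of the kind that could be entered in "Filter by object type", "Member of" and "Filter", escaping values so they cannot alter the filter structure. It assumes these fields accept standard LDAP filter syntax; the group DN and mail domain are constructed sample values.

```python
# Added example: build LDAP filter strings for the import settings above.
# Assumption: the filter fields accept standard LDAP (RFC 4515) filter syntax.
# The group DN and mail domain used below are constructed sample values.

# RFC 4515 escapes for characters that have meaning inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# AD bitwise-AND matching rule on userAccountControl; bit 2 = ACCOUNTDISABLE.
UAC_DISABLED = "(userAccountControl:1.2.840.113556.1.4.803:=2)"


def escape_value(value: str) -> str:
    """Escape a literal so it cannot change the structure of the filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def object_type_filter() -> str:
    """Person user objects (no computer objects) that are not disabled."""
    return f"(&(objectCategory=person)(objectClass=user)(!{UAC_DISABLED}))"


def mail_domain_filter(domain: str) -> str:
    """Users whose mail attribute ends with @domain."""
    return f"(mail=*@{escape_value(domain)})"


def combined_filter(group_dn: str, domain: str) -> str:
    """One filter expressing object type + group membership + mail domain."""
    return (
        "(&"
        + object_type_filter()
        + f"(memberOf={escape_value(group_dn)})"
        + mail_domain_filter(domain)
        + ")"
    )


if __name__ == "__main__":
    print(object_type_filter())
    print(mail_domain_filter("domain.com"))
    print(combined_filter("cn=LMS Users,ou=MainOU,dc=domain,dc=com", "domain.com"))
    # A value containing filter metacharacters stays a literal after escaping.
    print(mail_domain_filter("domain.com)(objectClass=*"))
```

Note that a plain memberOf condition matches direct group membership only; users who belong to the group through a nested group are not selected by it.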
Automatic synchronization
- Automatically sync users - if the option is enabled, you need to specify the time when synchronization will take place daily.
- Automatically sync organizational structure - if the option is enabled, you need to specify the time when synchronization will take place daily. (More details about importing an organizational structure are described in the article Importing structure from Active Directory.)
There are 2 options for synchronizing the organizational structure:
- Subordination;
- Field.
Example of importing an organizational structure by custom field:
A test portal and two test AD have been set up: foo.local and bar.local. A custom field departmentNumber has been configured in the test ADs:
john.smith_foo.local - fieldDir0;fieldDir1
valya.smith_foo.local - fieldDir0;fieldDir2
john.doe_bar.local - fieldDir0;fieldDir1
jane.doe_bar.local - fieldDir0;fieldDir2
Accordingly, the following structure will be created after synchronization:
-fieldDir0
--fieldDir1
--fieldDir2
Roles mapping
In the Active Directory integration settings, you can specify the mapping between roles in the LMS and groups from Active Directory. When synchronizing users, the system automatically checks which Active Directory group the user belongs to and assigns a specified or standard role (taken from the SaaS portal settings).
This feature is only available with the setting Assign role mode: By import value enabled (System Settings => Policies => Roles, more information: Policies). If the assignment mode via import is enabled, the binding to positions disappears when editing a role.
In the "Roles mapping" block, you can specify pairs "group from Active Directory - role in LMS". You can also add a new field by clicking the corresponding button.
Integration with several Active Directories simultaneously
In LMS Collaborator, it is possible to configure integration with several Active Directory domains at once. You can add a new Tenant using the following button:
Authentication. During authentication, the system admits users from both ADs: the AD with the higher priority is checked first, then the one with the lower priority ("Weight" field: the lower the value, the higher the priority). Upon successful authentication, if the user did not exist in the system, they will be automatically added using the same logic and settings as during import.
Users import. All users (from both AD domains) are merged into one list before import. For each AD in the integrations, you can set a custom tag that will be added to the user after import.
Organizational structure import. It is possible to import the organizational structure both by subordination and by custom field.