Enabling Active Directory

The Active Directory integration allows users to log in to Personify360 using their network credentials. If enabled, once you log in to your PC, you can automatically log into Personify360 without having to re-enter credentials. System administrators can create new accounts by specifying a user’s network username.

Active Directory can only be set up for newly created users. For more information, please see Creating a New Network User.

The application server receives the user credentials and then attempts to log onto the Active Directory domain using the supplied user credentials. If the logon attempt succeeds, then the user is authenticated and allowed to continue in Personify360. If the logon attempt fails, the system does not allow the end user to continue. No special services are required for Active Directory authentication; it is all performed through the application server.  

 

The USER_ID column has a maximum length of 20 characters and is generated based on the first character of the user’s first name and up to 19 characters of the user’s last name. Because the User ID takes the form <DomainName>\<User ID> when using Active Directory, the User ID will be truncated if you have a long Domain Name. As of the 7.2.3 release, however, the authentication is based on the Network ID, which has a maximum length of 256 characters (although Active Directory currently only supports 150 characters). Details on the Microsoft Active Directory naming conventions and field limits are available at:

http://support.microsoft.com/kb/909264.

This tool is not for hosting services.

The Active Directory username and password log users into the application, but the security groups provide access to personas, screens, and access-points. Active Directory manages authentication, whereas the Security subsystem manages authorization and provides more robust security options than Active Directory security.

If the user's password contains a pipe ( | ) character, the system will display a message that the network credentials are incorrect. Please remove the pipe character from the user's password to continue.

To enable Active Directory:

1.    You must enable Active Directory in the Config.xml file on the client-side before deploying to the workstations. Set the EnableActiveDirectoryIntegration value to "True", as shown below.
<Item Name="UserInterface"
SplashScreen="False"
ApplicationHostType="MDIMain"
StartupCommand="file://./HTMLPages\startscreen5.html"
ConfigFolder="Config"
DefaultRole="CallCenterRep"
AdvancedThemes="True"
DefaultTheme="TIMSS_Default.isl"
CustomerProfileURL="http://YourClientWebSite/CustomerProfile/Main.aspx"
RememberPassword="True"
RememberUserId="True"
EnableActiveDirectoryIntegration="True"
/>

2.    In order for the system to pick up the new password when users change their network credentials password, the RememberPassword and RememberUserId values must be set to "True" in the Config.xml file, as shown above.

3.    Create a new network user account.

You cannot convert an existing user account to Active Directory (the checkbox is disabled for existing user accounts). You must create a new user account.

4.    When the user opens the Personify360 application, the "Use Windows Authentication" option will display for the user to enter their Active Directory credentials.

The username must contain the domain name and it must match the Active Directory username.
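
The following pre-deployment check is an added example, not part of the Personify360 product or its documentation. It verifies the Config.xml settings from steps 1 and 2 and tests a network username against the domain and length rules described above. The <Configuration> wrapper element, the sample usernames, and the function names are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the page shows only the <Item> element; the <Configuration>
# wrapper is an assumption so the fragment parses as a document.
SAMPLE_CONFIG = """<Configuration>
  <Item Name="UserInterface"
        RememberPassword="False"
        RememberUserId="True"
        EnableActiveDirectoryIntegration="True" />
</Configuration>"""

REQUIRED_WHEN_AD = ("RememberPassword", "RememberUserId")


def check_config(xml_text):
    """Return a list of problems with the UserInterface item for AD login."""
    root = ET.fromstring(xml_text)
    item = next((i for i in root.iter("Item") if i.get("Name") == "UserInterface"), None)
    if item is None:
        return ['no <Item Name="UserInterface"> element found']
    # Values are compared against the literal "True" shown on the page.
    if item.get("EnableActiveDirectoryIntegration") != "True":
        return ['EnableActiveDirectoryIntegration is not "True"']
    return [f'{attr} must be "True" so a changed network password is picked up'
            for attr in REQUIRED_WHEN_AD if item.get(attr) != "True"]


def check_network_user(network_id):
    """Return problems with a DOMAIN\\user network ID, per the limits on the page."""
    problems = []
    domain, sep, user = network_id.partition("\\")
    if not sep or not domain or not user:
        problems.append("username must include the domain name (DOMAIN\\user)")
    if len(network_id) > 150:
        problems.append("longer than the 150 characters Active Directory supports")
    elif len(network_id) > 20:
        problems.append("exceeds 20 characters: truncated in USER_ID before release 7.2.3")
    return problems


if __name__ == "__main__":
    for p in check_config(SAMPLE_CONFIG):
        print("Config.xml:", p)
    # Constructed usernames: short domain, long domain, and missing domain.
    for name in ("ASSOC\\jsmith", "HEADQUARTERS-EAST\\jsmith", "jsmith"):
        print(name, "->", check_network_user(name) or "ok")
```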