Active Directory
Who is this article for? Users who are looking to implement Active Directory into the site.
No specific permissions are required.
Manage External Providers
Easysite may connect to a third-party application in order to import users and groups. Microsoft Active Directory is available as a default external provider; however, the Authentication Provider options allow other providers to be integrated.
Note: The information presented in this help article assumes that Line of Sight exists between Easysite and the Active Directory installation.
Note: This Help Article refers to the configuration of the Active Directory Authentication Provider. For information on enabling Single Sign On please view the Single Sign On Best Practice article.
1. Required information
Before configuring an Authentication Provider it would be useful to have the following information available:
- The domain name or NetBios name* of the Easysite installation
- The active directory server name
- Active Directory username and password
- Details of any starting paths and filters for groups and users
- Extended record template to be completed for user accounts.
*To find the NetBios name of your domain:
1. On one of your Windows servers go to Start -> Run
2. In the input box, type dsa.msc and click OK.
3. Right-click your domain in the left pane and choose Properties.
4. Under the General tab locate the Domain Name (Pre-Windows 2000) - this is the NetBios name. Note: NetBios names do not generally contain dots.
2. Create an External Provider Instance
To manage the Active Directory authentication provider go to Administration > People > Groups > Authentication Providers. The following view will be presented:
1. Click Create an External Provider Instance. The following view will be presented:
2. From the External Provider list select Active Directory.
3. Click Select External Provider. The following view will be presented:
4. Edit/configure:
Instance Name
Enter a friendly name for the instance of the Authentication Connector.
Authentication Domain
Enter the domain name for the Easysite installation. Note: this should be a domain name - e.g. Ideagen - rather than a URL such as ideagen.co.uk. Alternatively enter the NetBios name for your installation.
Enable Auto Sign In
If required, check to allow imported users to be automatically logged into the site when visiting. Note: Automatic Sign On must also be enabled for this feature to work.
Active Directory Server
This should be a server you can access using LDAP and needs to be the fully qualified name i.e. server.domain.com.
Active Directory Username
Enter the username required to access the external provider instance. Note: this user account needs read access to the directory and should be set to never expire.
Active Directory Password
Enter the password required to access the external provider instance.
Import Groups
If required, check to import groups created in the external provider instance.
Import Membership
If users are being imported, check to associate users with relevant groups.
Group Starting Path
Define the point on the forest the import is to start from. For example, ou = EIBS.
Group Filter
If required add additional filters to identify specific group(s). For example the ou could be Nottingham, with a further filter of Customer Services.
Import Users
If required, check to import users created in the external provider instance.
User Starting Path
Define the point on the forest the import is to start from. For example, ou = Ideagen.
User Filter
If required add additional filters to identify specific users. For example the ou could be Nottingham, with a further filter of Customer Services.
5. Click Save.
3. Manage Mappings
Mappings allow data held in the Authentication Provider to be mapped to fields in a user account record.
Note: when mapping user data from the Active Directory instance forename, surname and email address are not mandatory fields. This allows user accounts to be created for individuals with incomplete data in A.D.
1. Click Manage Mappings. The following view will be presented:
2. Select the required Easysite User Field and map it to the required field in Active Directory.
3. Click Add a new item to map another field.
4. Click Finish.
4. Troubleshooting the Active Directory authentication provider
The following steps should be taken to troubleshoot the A.D. connection:
Verify ‘authentication domain’
This should be a domain name, e.g. ‘IDEAGEN’, not ‘dc=IDEAGEN, dc=CO, dc=UK’
Verify ‘Active Directory Server’
Can the Active Directory server be pinged?
Note: Ping may be blocked on the server. An alternative would be to Telnet onto port 389 to verify connectivity.
Verify Username and Passwords
Check for any accidental substitutions such as zero to ‘O’, for example.
Re-enter the data and save
Whilst not strictly necessary it is useful to confirm that the authentication details are correct.
Test the credentials using an external tool
To test credentials, download AD Explorer from https://technet.microsoft.com/en-us/sysinternals/adexplorer.aspx
1. Enter the credentials provided by the customer and check that you can connect.
2. Verify that the organisational units the customer has given are correct.
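The troubleshooting checks above can also be run as one script from a Windows machine that has line of sight to the directory server. The PowerShell below is an added example, not part of the original article or of Easysite; the server name, domain and starting path are placeholder values to replace with your own.

```powershell
# Added example. All values are placeholders; replace them with your own.
$Server = 'server.domain.com'              # Active Directory Server (fully qualified name)
$Domain = 'IDEAGEN'                        # Authentication Domain (NetBios name)
$Paths  = @('OU=Ideagen,DC=domain,DC=com') # hypothetical starting paths to verify

# Authentication Domain: should be a NetBios-style name, not a DN or URL.
if ($Domain -match '[.=,/:]') {
    Write-Warning "'$Domain' looks like a DN or URL; use the NetBios name instead."
}

# Connectivity: test TCP 389 rather than ping, which may be blocked on the server.
$tcp = Test-NetConnection -ComputerName $Server -Port 389 -WarningAction SilentlyContinue
if (-not $tcp.TcpTestSucceeded) {
    throw "Cannot reach $Server on TCP 389: check name resolution and firewalls."
}

# Credentials: prompt for them instead of hard-coding, then attempt a bind.
Add-Type -AssemblyName System.DirectoryServices.Protocols
$cred = Get-Credential -Message 'Active Directory Username and Password'
$id   = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier($Server, 389)
$ldap = New-Object System.DirectoryServices.Protocols.LdapConnection($id)
# Negotiate (Kerberos/NTLM) avoids sending the password in clear text over port 389.
$ldap.AuthType   = [System.DirectoryServices.Protocols.AuthType]::Negotiate
$ldap.Credential = $cred.GetNetworkCredential()
try {
    $ldap.Bind()
    Write-Host "Bind succeeded as $($cred.UserName)"
} catch [System.DirectoryServices.Protocols.LdapException] {
    throw "Bind failed ($($_.Exception.Message)): re-check the username and password."
}

# Starting paths: a base-scope search succeeds only if the path exists and is readable.
foreach ($dn in $Paths) {
    $req = New-Object System.DirectoryServices.Protocols.SearchRequest(
        $dn, '(objectClass=*)',
        [System.DirectoryServices.Protocols.SearchScope]::Base,
        @('distinguishedName'))
    try {
        [void]$ldap.SendRequest($req)
        Write-Host "OK       $dn"
    } catch [System.DirectoryServices.Protocols.DirectoryOperationException] {
        Write-Warning "MISSING  $dn ($($_.Exception.Message))"
    }
}
$ldap.Dispose()
```

A successful bind followed by a MISSING line points at the Group Starting Path or User Starting Path value rather than at the credentials.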