Active Directory Requirements and Setup




The information contained in this document has been written for use by Soutron staff, clients, and prospective clients. Soutron reserves the right to change the information in this document without prior notice and data should not be relied upon to address all circumstances or needs. The contents of this document do not provide guarantees or warranties of the Soutron application by Soutron Limited. Soutron Limited assumes no responsibility for any errors that may appear in this document. The software described in this document is provided under a license agreement and may be used only in accordance with the terms of such license. All names of companies and products described in this document are the trademarks of their respective owners and Soutron makes no claims on their behalf.

Contents

Active directory preparation
Soutron role mapping
Setup connectivity to LDAP and security groups
Create and set default user profile
Setup import task schedule
Web.config changes
IIS configuration (IIS 7.5)
Testing SSO & user import

Active directory preparation

Soutron requires several Active Directory groups to be set up in order to import users and assign the correct permissions.

1. For general users, we require an AD container (CN) which contains all users who will be permitted access to the catalogue. You may already have such a group in place, such as the built-in users CN.
2. Security groups for the following roles. These groups will be mapped to the inbuilt roles in Soutron:
   a. Administrators
   b. Catalogue Administrators
   c. Clerical
   d. Librarian
   e. Read Only
3. A domain username and password are required. This user needs read-only access to the domain so it can read user properties from AD.
4. LDAP path and, if applicable, LDAP filter address. The filter is only required if you will be importing a subset of users from AD. If the application will be accessible by all staff, a filter is not usually required.
5. You will also require access to the Soutron database and the application files from the web server.
6. There are a few tasks which require you to log in to the library application, so it is suggested you request an admin login from the library team, or have them on hand to assist.

You do not need a group for roles that will not be used; in most cases two or three groups are enough. Please discuss this with Soutron and the library administrator.

Soutron role mapping

We must map our AD security groups to the pre-defined roles in Soutron.

1. Log in to your catalogue as an administrator.
2. Go to System management > System configuration maintenance > External Mapping.
3. Enter the name of each security group against the corresponding role.
   a. You must add a prefix or suffix to the security group name with your domain name in one of the following formats:
      i. DOMAIN.EXT\GROUP
      ii. DOMAIN\GROUP
      iii. GROUP@DOMAIN.EXT
4. Once all mappings have been added, Save & Close the External mappings screen.

Setup connectivity to LDAP and security groups

You now need to specify your LDAP address, security groups, user filter and domain account in the database. In order to do this we have prepared the below scripts to run against the Library database. Please ensure you correct the values in red to match your environment.

    set SystemConfigParamValue = 'ActiveDirectory'
    where SystemConfigParamName = 'ExternalHrBase' -- Authentication type

    set SystemConfigParamValue = 'LDAP://your LDAP Path'
    where SystemConfigParamName = 'LDAPPath' -- LDAP Path

    set SystemConfigParamValue = 'domain\admin group name'
    where SystemConfigParamName = 'RoleAdministratorExternalName' -- Admin group

    set SystemConfigParamValue = 'domain\cat Admin group name'
    where SystemConfigParamName = 'RoleCatalogueAdministratorExternalName' -- Cat Admin group

    set SystemConfigParamValue = 'domain\librarian group name'
    where SystemConfigParamName = 'RoleLibrarianExternalName' -- Librarian group

    set SystemConfigParamValue = 'domain\clerical group name'
    where SystemConfigParamName = 'RoleClericalExternalName' -- Clerical

    set SystemConfigParamValue = 'domain\read Only group name'
    where SystemConfigParamName = 'RoleReadOnlyExternalName' -- Readonly

    -- If you wish to restrict access to a specific area of users, specify the path here,
    -- i.e. CN=SoutronUsersToImport,OU=SoutronLMS_AD_Sync,DC=Soutron,DC=lan
    set SystemConfigParamValue = NULL
    where SystemConfigParamName = 'UserImportFilter' -- Import filter - if required

    set SystemConfigParamValue = 'domain\domain User or service account'
    where SystemConfigParamName = 'SyncApiUsersApiLogin' -- AD username with read-only access

    set SystemConfigParamValue = 'password of the domain user or service account'
    where SystemConfigParamName = 'SyncApiUsersApiPassword' -- AD user password with read-only access

Create and set default user profile

First check that the default profile is enabled. To do this go to: Modules > Users > User profile template. You should see a profile called Default; this profile should be set as active.

Setup import task schedule

We need to set up a schedule for when new users will be imported from AD into the catalogue.

1. In Soutron go to Modules > Task Centre > Task maintenance.
2. Select Create Task.
3. Enter a task description, AD User Sync, and set the accessibility as Shared.
4. Set the task type as Data Maintenance > User synchronisation.
5. On the task schedule tab click Create new schedule.
6. Set up the schedule based on your requirements. We recommend running the process out of hours every night.
7. Click Save & Exit.
8. Give the schedule a name, AD User Sync.
9. Save & Close task.

Web.config changes

To enable single sign on (SSO) you must make changes to the web.config and IIS settings.

1. Open the web.config file. This can be found in the root of the Library folder on your web server. Find the section of the file that refers to Bindings, as shown below.

    <basicHttpBinding>
      <binding name="streamedbasichttpbinding" maxBufferPoolSize="67108864" maxReceivedMessageSize="67108864" maxBufferSize="64108864" transferMode="Streamed">
        <readerQuotas maxStringContentLength="1024768" />
      </binding>
    </basicHttpBinding>

The above should be replaced with the below (changes are marked in red):

    <basicHttpBinding>
      <binding name="streamedbasichttpbinding" maxBufferPoolSize="67108864" maxReceivedMessageSize="67108864" maxBufferSize="64108864" transferMode="Streamed">
        <readerQuotas maxStringContentLength="1024768" />
        <security mode="TransportCredentialOnly">
          <transport clientCredentialType="Windows" />
        </security>
      </binding>
    </basicHttpBinding>

Then apply the same change to the section shown below:

    <webHttpBinding>
      <readerQuotas maxStringContentLength="256000" />
    </webHttpBinding>

The above should be replaced with the below (changes are marked in red):

    <webHttpBinding>
      <readerQuotas maxStringContentLength="256000" />
      <security mode="TransportCredentialOnly">
        <transport clientCredentialType="Windows" />
      </security>
    </webHttpBinding>

IIS configuration (IIS 7.5)

1. Open IIS and select the library application directory where your site is configured.
2. Next select the Authentication option from the Features view pane in IIS.
3. Disable all options, and enable the Windows Authentication option.
4. Select Windows Authentication, then right click and select Providers.
5. Ensure NTLM is first in the list.

6. Select Handler Mappings from the features list for the Library application pool.
7. Click View ordered list on the right hand menu.
8. Ensure ExtensionlessUrlHandler-ISAPI-4.0_32bit and ExtensionlessUrlHandler-ISAPI-4.0_64bit are 2nd & 3rd from the bottom. Use the Move down option to move the handler into the correct position.

Testing SSO & user import

You can now open your browser and go to your catalogue URL where you will be logged in automatically. If you are part of a security group defined at the start of this document you should also have the module and/or system configuration menu available.

To test that the full synchronisation of users is occurring, wait for the task to run then go to: Module > Users > User Search > Click the search button. If you see all your users returned in the results list the task completed correctly. If very few users appear contact Soutron for assistance in debugging the cause of the failure.

Note: The Soutron Task service must be running for users to be imported.

Note: You may need to add your URL to the local intranet sites list in IE. Tools > Internet Options > Security > Local Intranet > Sites > Advanced > Add.

When using SSO we suggest using Internet Explorer; using any other browser requires assistance from your internal IT to configure the correct settings.
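
The check below is an added example, not part of the Soutron guide: it reads a web.config and reports, for each basicHttpBinding and webHttpBinding entry, whether the security element described under Web.config changes is present. The function name Test-SsoBinding and the sample XML are constructed for illustration; it assumes the standard WCF layout (binding elements under system.serviceModel/bindings) and PowerShell 3.0 or later.

```powershell
# Added example. The XML below is a constructed sample, not the real Library web.config.
$sample = [xml]@'
<configuration>
  <system.serviceModel>
    <bindings>
      <basicHttpBinding>
        <binding name="streamedbasichttpbinding" transferMode="Streamed">
          <readerQuotas maxStringContentLength="1024768" />
          <security mode="TransportCredentialOnly">
            <transport clientCredentialType="Windows" />
          </security>
        </binding>
      </basicHttpBinding>
      <webHttpBinding>
        <binding>
          <readerQuotas maxStringContentLength="256000" />
        </binding>
      </webHttpBinding>
    </bindings>
  </system.serviceModel>
</configuration>
'@

# Test-SsoBinding is a hypothetical helper name used only in this example.
function Test-SsoBinding {
    param([Parameter(Mandatory)][xml]$Config)
    foreach ($kind in 'basicHttpBinding', 'webHttpBinding') {
        # XPath names are case-sensitive, so a lower-cased element is not matched.
        $xpath = "/configuration/system.serviceModel/bindings/$kind/binding"
        foreach ($binding in $Config.SelectNodes($xpath)) {
            $security  = $binding.SelectSingleNode('security')
            $transport = $binding.SelectSingleNode('security/transport')
            $mode = if ($null -ne $security)  { $security.GetAttribute('mode') } else { '' }
            $cred = if ($null -ne $transport) { $transport.GetAttribute('clientCredentialType') } else { '' }
            [pscustomobject]@{
                BindingType    = $kind
                Name           = $binding.GetAttribute('name')
                SecurityMode   = $mode
                CredentialType = $cred
                # -ceq compares with exact case, as the values are written in this guide.
                SsoReady       = ($mode -ceq 'TransportCredentialOnly' -and $cred -ceq 'Windows')
            }
        }
    }
}

# Run against the constructed sample.
Test-SsoBinding -Config $sample | Format-Table -AutoSize
# Real file: Test-SsoBinding -Config ([xml](Get-Content -Raw 'path\to\web.config'))
```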