The Active Directory Module enables Issuetrak's integration with Microsoft Active Directory (AD LDAP), AD Federation Services, and Azure AD. This article focuses on Active Directory (LDAP) integration.
The Active Directory integration is compatible with Secure Sockets Layer (SSL) connections and multi-server/multi-domain directory environments. Issuetrak user records are automatically created and updated by the AD integration if enabled. Basic AD user attributes, Issuetrak organization, and user permissions are maintained, along with extended AD attributes, Issuetrak location, and/or department. The Single Sign-On option allows network users to have their credentials passed to Issuetrak with no additional login required.
How does the AD LDAP Integration Work?
What user information is pulled from AD?
Basic user attributes are pulled directly from AD and mapped to the appropriate fields. These include: Login (User ID), First Name, Last Name, Email, Phone, Address, City, State, Zip, and Country. Up to three additional AD attributes may be mapped through corresponding user-defined fields defined within Issuetrak.
Additional information regarding entity membership can be pulled from specific fields or mapped to AD Groups or OUs.
| Issuetrak Value | AD Value |
|---|---|
| Organization | Mapping to AD Group/OU |
| Location ID | AD Office, then mapping to AD Group/OU |
| Department Name | AD Department, then mapping to AD Group/OU |
User permissions are granted to AD users through mapping of specific AD Groups/OUs to an end-user template defined within Issuetrak. Agent permissions may be granted through membership in an Issuetrak group, or by AD Group/OU mapping to another template. The number of users imported is directly tied to your license key. If you map Agent permissions via a template, ensure that importing users will not exceed the licensed Agent count. If the count is exceeded, the import will stop and notify the Issuetrak System Administrator. Also, with a productivity key, licenses are based on the total number of users, so the import will stop if it would exceed the maximum number of licensed end users.
Users outside of the AD structure may be created and maintained through Issuetrak. However, the “No AD Authentication” parameter (pre-11.13 releases) or Issuetrak authentication (11.13 and later) must be applied to these user records manually. Other user-related fields with no relation to AD may also be created and maintained within Issuetrak.
AD user authentication processes
Authentication processes happen in a matter of seconds. AD users will experience little if any delay when accessing Issuetrak.
An AD user will need to enter their network login/user ID and password on the Login screen to access Issuetrak. In the case of multiple domains, the user will also need to select their domain. If Single Sign-On is implemented, the user will not see the Login screen but will instead be taken directly to their Issuetrak Home Page when navigating to Issuetrak.
The AD integration sends the user’s credentials to the AD server and asks the server to authenticate (validate) this user. The server responds stating whether or not authentication is successful. If authentication is unsuccessful, an error message will be displayed to the user. If authentication is successful and the option to update users on login is activated, the AD Integration queries the server again, requesting current data related specifically to the user. This information is then compared and applied to the Issuetrak user tables as needed.
AD user import processes
To minimize retrieval of excessive and/or redundant information, import processes are based on a specific AD server and AD Group or OU.
On-demand imports may be executed from the Issuetrak interface. Scheduled imports may be defined within the interface. For scheduled imports to execute at the proper intervals, a Windows Scheduled Task must also be created on the Web server hosting Issuetrak.
The AD integration queries the AD server requesting current data related to the specified Group/OU. For users within this Group/OU, other Group/OU memberships related to Issuetrak are also translated. This information is then compared and applied to the Issuetrak user tables as needed.
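The sketch below models the compare-and-apply step described above, including the "AD Office/Department first, then Group/OU mapping" precedence from the table and the stop on the licensed Agent count. It is an added example, not Issuetrak's code: the Issuetrak-side field names, the sample groups and users, and the choice to stop before applying the user who would exceed the limit are assumptions, and OU mapping is left out for brevity.

```python
# Added sketch, not Issuetrak code. Left-hand field names are hypothetical;
# right-hand names are standard AD LDAP attributes.
ATTR_MAP = {"login": "sAMAccountName", "first_name": "givenName", "last_name": "sn",
            "email": "mail", "phone": "telephoneNumber", "address": "streetAddress",
            "city": "l", "state": "st", "zip": "postalCode", "country": "co"}

def resolve(entry, direct_attr, group_map):
    """Use the direct AD attribute if set, else the first mapped group the user is in."""
    if direct_attr and entry.get(direct_attr):
        return entry[direct_attr]
    return next((group_map[g] for g in entry.get("memberOf", []) if g in group_map), None)

def build_record(entry, maps):
    rec = {field: entry.get(attr) for field, attr in ATTR_MAP.items()}
    rec["organization"] = resolve(entry, None, maps["organization"])
    rec["location"] = resolve(entry, "physicalDeliveryOfficeName", maps["location"])  # AD Office
    rec["department"] = resolve(entry, "department", maps["department"])
    rec["template"] = resolve(entry, None, maps["template"])
    return rec

def run_import(entries, maps, users, agent_templates, agent_limit):
    """Compare each entry with the stored record and apply only the differences.
    Returns (changes, stopped_at); stopped_at names the login that would have
    exceeded the agent limit (assumed behaviour: stop before applying it)."""
    changes = {}
    agents = sum(u.get("template") in agent_templates for u in users.values())
    for entry in entries:
        rec = build_record(entry, maps)
        old = users.get(rec["login"], {})
        was_agent = old.get("template") in agent_templates
        is_agent = rec["template"] in agent_templates
        if is_agent and not was_agent and agents >= agent_limit:
            return changes, rec["login"]
        agents += is_agent - was_agent
        diff = {k: v for k, v in rec.items() if old.get(k) != v}
        if diff:
            users[rec["login"]] = {**old, **rec}  # fields unrelated to AD are kept
            changes[rec["login"]] = diff
    return changes, None

# Constructed sample data (group DNs and users are made up; OU mapping is omitted).
HQ, DESK, SALES = (f"CN={n},DC=example,DC=test" for n in ("HQ-Staff", "Helpdesk", "Sales"))
MAPS = {"organization": {SALES: "Sales Org"}, "location": {HQ: "HQ"}, "department": {},
        "template": {DESK: "Agent", SALES: "End User"}}
ENTRIES = [
    {"sAMAccountName": "alice", "physicalDeliveryOfficeName": "Boston", "memberOf": [HQ, DESK]},
    {"sAMAccountName": "bob", "department": "Sales", "memberOf": [HQ, SALES]},
    {"sAMAccountName": "carol", "memberOf": [DESK]},
]
```

With an Agent limit of 1, `run_import(ENTRIES, MAPS, {}, {"Agent"}, 1)` applies alice and bob and stops at carol; running it again over unchanged entries yields no changes.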