Preparing to use the Active Directory Module

More Information

Below is information needed to prepare for the use of the Active Directory Module in Issuetrak.

Applications:

  • Microsoft Active Directory (AD) Lightweight Directory Access Protocol (LDAP)
  • AD-based Public Key Infrastructure (PKI) (if enabling CAC/Smart Card Authentication)
  • Microsoft Cryptographic API (CAPI)-compatible revocation provider installed on your web server (if enabling CAC/Smart Card Authentication)

Settings:

  • Security: Windows Authentication Role Services enabled on the Web Server (IIS) Role in Windows Server Manager (if enabling AD Single Sign-on)
  • Integrated Windows Authentication enabled on your Issuetrak site within IIS (if enabling AD Single Sign-on)
  • Global Catalog enabled on the AD server Other

Other:

  • LDAP over SSL (LDAPS) certificate installed on your Domain Controller (if enabling AD SSL encryption or using the AD Module over Issuetrak Cloud Services)

Verifying AD information

Organizations within Issuetrak are generally used to represent companies and/or companies’ customers. Every Issuetrak user must be associated with an organization. The AD module allows you to map AD Groups/OUs to specific organizations, so make sure there is an AD Group or OU with the appropriate users ready to map.

Within Issuetrak, departments and location are optional values to associate with a user. The AD module looks for an exact match within the AD Department to match to the Issuetrak Department Name, and from the AD Office to match to the Issuetrak Location ID. If those fields aren’t filled out in AD, then as long as the users are associated to AD Groups/OUs that define their department and location membership, those values can be mapped as well.

If Issuetrak is hosted in the cloud, Single Sign On is not available. Please see KB Article #1845 in our Support Site for instructions on setting up AD in the cloud.

Establishing server specifications

Each AD server that communicates with Issuetrak needs to be accessible from the Web server hosting Issuetrak. In addition, you will need:

  • The server’s computer name, DNS name, or IP address may be used. However, we recommend using computer or DNS name whenever possible.
  • The fully distinguished domain name and password of the “connection user.” This user must have read-only permissions to all AD user properties.
  • Server 2012 or higher with Active Directory MUST set up their connection user to have an accountID that matches their displayname, so that the distinguished name of the user can be parsed to get the accountID.
  • The Search Order for the server if multiple AD servers exist within this domain. Search order defines the order multiple AD servers within the same domain are searched for user matches.
  • The SSL port number and the Global Catalog (GC) SSL port number if it is going to be used when connecting to this server. Issuetrak will set the defaults to SSL port 636 and GC SSL Port 3269.

Please see KB Article #1504 in our Support Site for instructions on determining the fully distinguished name of the connection user.

Collect these values for each AD server that will be communicating with Issuetrak. Should you need assistance with this task, please contact our Support Team at 757-213-1351, support@issuetrak.com or https://support.issuetrak.com.


Applies To:

Issuetrak 9.9+