This article provides steps for migrating a site with AD/LDAP-authenticated users to AD Federation Services. If you don't have AD configured but would like to configure AD FS, please see this article.
At a high level, the following things happen as a result of a migration:
- The old domain value is validated against the new domain value to ensure that they match.
- AD/LDAP is deactivated.
- AD Federation Services is set as the Authentication Type for all previously AD/LDAP-authenticated users.
- The following fields are populated for each user account:
- Authentication Type: AD Federation Services
- Active Directory User SID
- The mappings from Active Directory are transferred to AD Federation Services.
- Any "Map Additional Attributes" are also mapped to the "User Property Mapping".
Part 1: Perform an Active Directory User Import
This step ensures that AD-authenticated users in Issuetrak have the appropriate properties set for SID, Domain, and Authentication Type. Failure to perform this step could result in duplicate user creation when users sign into Issuetrak.
- Navigate to Administration > Active Directory > Import Users.
- Select the Domain from the dropdown for which this particular import should be performed from the list.
- Click the radio button to select either AD Group or AD OU. Click the button related to your selection. Only AD Groups or OUs with verified Organization and Permissions mappings and valid users will appear.
- Select the appropriate value in the window that appears.
- Click the Preview Import button.
- Verify the import is being returned properly in the Preview import window that appears.
- Close the Preview Import window.
- Click the Process Import button to process this import.
- Repeat the import process for as many OU/Groups as necessary to account for your AD environment and ensure all of your users will be able to authenticate.
Part 2: Preparing the AD FS Server
Please see this article for steps to configure your AD FS server to work with Issuetrak.
Part 3: Complete the Migration
With the information gathered from preparing AD FS, we can migrate to AD Federation Services in Issuetrak.
- Navigate to your Issuetrak site and log in with a Sys Admin account.
- Navigate to Administration > Identity Management.
- Choose Migrate to AD FS from the lefthand menu.
- Check the box next to "Perform an Active Directory user import".
- Check the box next to "Setup AD Federation Services Server (Guide)".
- Populate the following data:
- Provider Name: A friendly name for the AD FS server.
- Domain: The Domain of the AD FS server. Ensure this matches the domain currently in your Issuetrak instance's AD settings.
- Provider URL: The URL to the AD FS server.
- Client ID: The Client Identifier from setting up AD FS.
- Client Secret: The shared secret from setting up AD FS.
- Button Name: The name of the button to display on the Issuetrak Login page.
- Click Save to save the settings.
- Click Perform Migration.
- You will be redirected to the Edit AD Federation Services Provider page. Click the Test Connection button to verify all the settings. This button launches a new browser tab to your AD FS provider's authentication page. It is necessary to sign in with an Active Directory account to view the Test Connection results.