Overview
Active Directory (AD), or any LDAP authentication source, can act as a source for user accounts within the system. When an authentication source is configured, an imported user can log in to the web portal using the credentials attached to his or her authentication source account.
You can utilize one of two methods to configure Active Directory integration:
-
Machine Method—If you use the machine method, you will first need to download the desktop client onto the server that houses the authentication source. You will then register that desktop client to any user within the system. For instructions on how to install and register the desktop client, please reference Download the Desktop Client.
Note: When registering to a user account on a server, it is recommended that you create a service account. The purpose of using a service account is to prevent unnecessary storage usage on the local machine. A service account should not be subscribed to team shares, should be set to use fixed space quota of .01GB, and should be configured using a predetermined naming system (such as First Name: File Server; Last Name: LDAP).
- Server Method—Using the server method, you can connect to your authentication source without installing a desktop client on the machine that houses the authentication source. This server must be publicly accessible in order to use this method.
Notes to consider
- The integration between x360Sync and Active Directory is for authentication purposes only; you will still need to manage AD user accounts separately. For example, if you delete a user account in AD, the user will still exist in x360Sync.
- If you have already manually created user accounts, and want to convert these existing user accounts to AD user accounts, you must ensure that the email addresses match. If an email address matches, then the system will successfully convert the existing user account to an AD user account, and there will be no need to uninstall and reinstall desktop clients.
- When you integrate with Active Directory, desktop clients can be silently pushed, installed, and registered to end users without needing to alert the end user. For more information about silent installations, please reference the Silent Desktop Client Installation and Registration Knowledge Base article.
- While x360Sync will successfully integrate with any LDAP authentication source, it will not integrate with non-LDAP sources, such as Azure AD. While Azure AD supports internal LDAP authentication, it does not currently support external LDAP authentication. For more information, please reference this TechNet Blog.
- For information on port configuration settings, please reference the Axcient Cloud IP Address Knowledgebase article.
Troubleshooting End User registration issues
Within Active Directory, if the User must change password at next logon setting is enabled, attempts to register the desktop client or log in to the web portal will fail.
We suggest that you turn off the User must change password at next logon setting in Active Directory to ensure successful registration and logins.
Machine method
To integrate with Active Directory using the machine method:
- On the server that houses Active Directory, download and install the desktop client. For instructions on installing the desktop client, please reference the End User Guide.
- After you install the desktop client, register the desktop client to a user account. For instructions on registering the desktop client, please reference the End User Guide.
- While still in the server that houses Active Directory, record the computer’s full computer name.
- Click the Start menu, right-click Computer, and select Properties. The System window displays.
- In the System window, find the informational field titled, Full Computer Name. Record the full name of the computer so that it can be referenced later.
- When you are finished installing and registering the desktop client, return to the administrative web portal.
- While in the appropriate organization, click the Settings tab. The Settings page displays.
- In the Settings page, click the Authentication tab. The Authentication section displays.
- In the Authentication section, click the Add Source button to add an authentication source.
The page refreshes to display a Configure an Authentication Source section of the page. - In the Configure an Authentication Source section of the page, configure your authentication source.
- In the Machine drop-down menu, select the name of the machine that houses your Active Directory.
- In the Host field, enter the full computer name that you recorded above. This information can be found in your computer’s properties (for example, servername.anchor.com).
- In the Domain field, enter the Active Directory Domain Name (for example, anchor.com).
- In the Login field, enter a username that has administrative access to Active Directory.
- In the Password field, enter the corresponding password for the administrative user.
- Click the Save button when you are finished.
After you have entered information for Active Directory, the page will refresh to show you a listing of all current authentication sources. - In the Manage column, click the Import Users button.
The page refreshes to show import settings. - Configure settings for importing users.
- Select the Send Welcome Email checkbox to send a welcome email as soon as users are imported into the system.
- Select the Enable WebDAV checkbox to enable WebDAV.
- Use the Add to Team Shares box to select the Team Shares to which all user accounts should be added. Alternatively, click the All button to add all user accounts to all Team Shares, or click the None button if you do not want to add user accounts to Team Shares. Please note that you can add user accounts to Team Shares after they have been created.
- In the Organizational Units box, browse and select the Active Directory users that should be imported; alternatively, select specific organizational units (OUs) to be added to the system.
- Click the Import Selected Users button to import the users into the system. End users can now log in to the system, and register devices, using their Active Directory credentials.
Server Method
To integrate with Active Directory using the server method:
- While in the appropriate organization, click the Settings tab. The Settings page displays.
- In the Settings page, click the Authentication tab. The Authentication section displays.
- In the Authentication section, click the Add Source button to add an authentication source.
The page refreshes to display a Configure an Authentication Source section of the page. - In the Configure an Authentication Source section of the page, configure your authentication source.
- In the Machine drop-down menu, select Use Server.
- In the Host field, enter the internal IP address of the Active Directory server machine if it is on the same network as the x360Sync Server. If the Active Directory server machine is outside of your network, enter the publicly resolvable host name or IP address.
- In the Domain field, enter the Active Directory Domain Name (for example, x360Sync .com).
- In the Login field, enter a username that has administrative access to Active Directory.
- In the Password field, enter the corresponding password for the administrative user.
- Click the Save button when you are finished.
After you have entered information for Active Directory, the page will refresh to show you a listing of all current authentication sources. - In the Manage column, click the Import Users button.
The page refreshes to show import settings. - Configure settings for importing users.
- Select the Send Welcome Email checkbox to send a welcome email as soon as users are imported into the system.
- Select the Enable WebDAV checkbox to enable WebDAV.
- Use the Add to Team Shares box to select the Team Shares to which all user accounts should be added. Alternatively, click the All button to add all user accounts to all Team Shares, or click the None button if you do not want to add user accounts to Team Shares. Please note that you can add user accounts to Team Shares after they have been created.
- In the Organizational Units box, browse and select the Active Directory users that should be imported; alternatively, select specific organizational units (OUs) to be added to the system.
- Click the Import Selected Users button to import the users into the system. End users can now log in to the system, and register devices, using their Active Directory credentials.
SUPPORT | 720-204-4500 | 800-352-0248
- Contact Axcient Support at https://partner.axcient.com/login or call 800-352-0248
- Free certification courses are available in the Axcient x360Portal under Training
- To learn more about Axcient products, sign up for a free one-on-one training
- Subscribe to the Axcient Status page for updates and scheduled maintenance
1503