Active Directory Import
You can import users and groups from Windows Active Directory to enable single sign-on for the Working Papers application. With single sign-on enabled, users can use their domain credentials (Windows username and password) to automatically log in to Working Papers. Imported users and groups can be synchronized at any time to reflect new, deleted, or modified accounts in Active Directory; these accounts cannot be modified from Working Papers.
For Active Directory groups, there are additional considerations when importing to the Data Store:
- All users from the group will be imported.
- For groups that contain sub-groups, only users from the sub-group will be imported (that is, sub-groups themselves are not automatically imported). Users are imported as part of the top- level group.
- New users of the group will be imported to the Data Store the next time Active Directory is synchronized.
- Users removed or deleted from a group will be removed from the Data Store the next time Active Directory is synchronized.
- Removing or deleting a group will result in all users of that group to be removed from the Data Store (assuming users are not members of another imported group).
The Data Store can manage users in conjunction with Windows using the LDAP protocol to check the user’s login and workstation hostname for logins. Hostnames can be up to 260 characters in length when validating Active Directory logins.
Once users and groups have been imported to the Data Store, you can run Working Papers to assign Active Directory users and groups to Working Papers global or local groups. When users are assigned to a global group in Working Papers (either explicitly or via Active Directory groups), they will be granted the Protection Rights defined for the global or local group.
- The Active Directory Import is available only if a Data Store is being used and if Active Directory Integration is turned on in the Administrator options dialog (Tools | Options | Data Store | Administrator Options).
- If a Time-integrated Data Store is being used, users are imported as non-Timekeepers for Time. If a user is to be designated as Timekeeper, the user must be explicitly set as such in the Staff dialog in Time.