
Integrate with Active Directory

Through integration with Active Directory, you can import existing user data, such as user names and login credentials, into a data store. Users can then authenticate to Working Papers with the same login information that they use for the company network (known as single sign-on), rather than completing an extra step.

To enable Active Directory integration:

  1. Launch the Data Store Administration Tool. Ensure you are connected to the applicable data store.
  2. Click the Active Directory group.
  3. Select Enable Active Directory Integration.

Active Directory integration is enabled. The following options become available after enabling integration:

Enable certificate-based PKI smart card authentication

Select to enable smart card authentication. Enter the firm's OCSP server URL in the text field to activate.

Active Directory must be connected to allow authentication

Select to disallow authentication using cached credentials. If Active Directory is not available then users will not be able to log in.

Allow Active Directory authenticated users only

Select to allow Active Directory authenticated users only. If selected, the Working Papers option Tools | Change Identity will be disabled. If it is not selected then mixed types of users can log in.

Connect to the following Active Directory Server

Select the Active Directory server to use.

  • Default LDAP server: Select to connect to the LDAP server that is set up in the Data Store Administration Tool.
  • Non-default LDAP server: Select to connect to a non-default LDAP server. You will require the server's host name and port.

Note: With the change from LDAP communication to LDAPS, the Data Store Administration Tool will operate on secure port 636, but you must configure it as part of a non-default LDAP server. Existing users will only need to change to the non-default port in the data store setup and for changes to clients.

Filter

Use the Filter field when importing users with Enable Active Directory Integration selected. You can specify expressions to filter based on built-in or custom user attributes and Windows group memberships. Wildcards are supported. For more information, see Active Directory import filters.

Synchronize with Active Directory

Click this button to launch the Active Directory Integration dialog.
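
For the LDAPS note above (a non-default LDAP server on secure port 636), a pre-flight check you can run before entering the server's host name and port. This is an added example, not part of the product or its documentation; the function name `Test-LdapsEndpoint` and the host name are placeholders.

```powershell
# Added example (not vendor code). Test-LdapsEndpoint and the host name are placeholders.
function Test-LdapsEndpoint {
    param(
        [Parameter(Mandatory)][string]$HostName,
        [int]$Port = 636,
        [int]$TimeoutMs = 5000
    )
    $server = "${HostName}:${Port}"
    $client = [System.Net.Sockets.TcpClient]::new()
    try {
        # Fail fast when the port is filtered or the host is unreachable.
        if (-not $client.ConnectAsync($HostName, $Port).Wait($TimeoutMs)) {
            throw "TCP connect to $server timed out"
        }
        # No validation callback is passed, so SslStream applies the default policy:
        # the chain must build to a trusted root and the name must match $HostName.
        $tls = [System.Net.Security.SslStream]::new($client.GetStream(), $false)
        try {
            $tls.AuthenticateAsClient($HostName)
            $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($tls.RemoteCertificate)
            [pscustomobject]@{
                Server   = $server
                Trusted  = $true
                Protocol = $tls.SslProtocol
                Subject  = $cert.Subject
                Issuer   = $cert.Issuer
                NotAfter = $cert.NotAfter
                DaysLeft = [int](($cert.NotAfter - (Get-Date)).TotalDays)
            }
        } finally {
            $tls.Dispose()
        }
    } catch {
        # Connection, handshake and certificate failures all land here.
        [pscustomobject]@{
            Server  = $server
            Trusted = $false
            Error   = $_.Exception.GetBaseException().Message
        }
    } finally {
        $client.Dispose()
    }
}

Test-LdapsEndpoint -HostName 'dc01.example.internal'   # placeholder host name
```

Run it from the workstation that runs the Data Store Administration Tool, using the exact host name you will enter for the non-default LDAP server.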

Import users and groups

You can import users and groups from Windows Active Directory to enable single sign-on for the Working Papers application. Imported users and groups can be synchronized at any time to reflect new, deleted or modified accounts in Active Directory; these accounts cannot be modified from Working Papers.

Consider the following before importing users and groups from an Active Directory:

  • All users from the group will be imported unless they are set as Inactive.
  • For groups that contain sub-groups, only users from the sub-group will be imported (sub-groups themselves are not automatically imported). Users are imported as part of the top-level group.
  • New users of the group will be imported to the data store the next time Active Directory is synchronized.
  • Users removed or deleted from a group will be removed from the data store the next time Active Directory is synchronized.
  • Removing or deleting a group will result in all users of that group being removed from the data store (assuming users are not members of another imported group).

To import users and groups from an Active Directory:

  1. Launch the Data Store Administration Tool. In the Active Directory group, ensure that Active Directory integration is enabled.
  2. Complete the other Active Directory options as required.
  3. Click Synchronize with Active Directory. The Active Directory Integration dialog displays with a list of all available users and groups to import.
  4. If required, set the Default Offline Password. This password is shared for all logins and enables users to access the data store even if Active Directory authentication is unavailable. You can also select the options to include user initials and middle name in the import if necessary.

  5. Expand the groups containing users you want to import. Under the Synchronize column, select the box next to each user and sub-group that you want to import. Click OK.

The selected users and groups are imported to the data store. You can run Working Papers to assign Active Directory users and groups to Working Papers groups or global groups. When you assign users to a global group (either explicitly or from Active Directory groups), they receive the rights and access levels defined for the group.