From what I understand, to use Active Directory for user access, All you need to do is add an authenticating profile and select ‘Active Directory’.
Fill in the ‘Name’, ‘Domain’, ‘Gateway Username’, ‘Gateway Password’, ‘Primary Domain Controller Host’, ‘Primary Domain Controller Port’. Is This all that is needed on the PMI side?. Are there any additional steps required on the ‘Active Directory’ side?
You will configure groups in Active Directory that will be used for permissions. This is usually done in a Microsoft Management Console under “Active Directory - Users and Groups”. Windows user accounts can be members of these groups. When the FactoryPMI user authenticates against the active directory source, the user is given a list of group names of which he is a member. On the PMI end these work exactly the same as groups from any other authentication profile (internal or database). You can enable/disable access to windows or components based on a user’s group memberships. You can also programmatically access this via Jython scripting.
For brevity's sake, the answer would be, yes, thats all that is required on the PMI side. That, and using the newly created profile for a project or for the system. You shouldn't need to do anything special on the AD side.
Thanks for your responses.
when you write ‘the user is given a list of group names of which he is a member’, does this mean that the group in Active Directory work as the ‘roles’ in internal authentication?
Yes, you are correct. A Windows user’s Active Directory group memberships become his FactoryPMI user’s roles. I need to straighten out my terminology. When I said “groups” earlier in reference to FactoryPMI, I should have used the term “roles”.
Roles are used consistantly throughout FactoryPMI from any authentication source (Internal, Active Directory, or SQL Database). You can think of a “role” as a string (it’s name). This allows you to create a project with several different compatible authentication sources. You can switch the source if it goes down, or better yet, configure a primary and secondary authentication source for a project.
[quote=“qurban”]Thanks for your responses.
when you write ‘the user is given a list of group names of which he is a member’, does this mean that the group in Active Directory work as the ‘roles’ in internal authentication?[/quote]