Setting up AD User Sync and Authentication

There are 3 steps to configuring AD with SmartPager.

Step 1. Create the AD Agent Configuration

Step 2. Create the AD User Sync

Step 3. Download, install, and configure the AD Agent

Note: Users must have an email address to be synced into Telmediq.

Before you begin you will need the following information:

  1. The URL of the AD Server
  2. Username and password of a user that has both query and read permissions for the AD/LDAP server.
  3. Base DN – The prefix for DN in the group mappings.
  4. LDAP Search Query – The search query that will be used to find the users that will be synced to SmartPager.

An example LDAP Search Query:

(&(objectCategory=person)(objectClass=user)(memberOf=CN=Hospitalist,CN=Users,DC=telmediq,DC=local)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))

A breakdown of the query is as follows:

  • (objectCategory=person) – selects only objects belonging to the person category. This includes contacts and users.
  • (objectClass=user) – selects only objects belonging to users. This includes system accounts and users.
  • (memberOf=CN=Hospitalist,CN=Users,DC=telmediq,DC=local) – selects user objects that are a member of the group with the name “Hospitalist” belonging to the base DN of DC=telmediq,DC=local
  • (!(userAccountControl:1.2.840.113556.1.4.803:=2)) – selects only active objects
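
The following is an added example, not part of the original article or SmartPager's code: it parses the query above and evaluates it against constructed directory entries, showing how the group, disabled-account and email conditions decide who would be synced. The sample users, the helper names (parse, matches, user, preview_sync) and the simplified objectClass/objectCategory values are assumptions for illustration.

```python
# Added example, not SmartPager code; sample users below are constructed.
BIT_AND = "1.2.840.113556.1.4.803"  # AD bitwise-AND matching rule OID
GROUP = "CN=Hospitalist,CN=Users,DC=telmediq,DC=local"
QUERY = (f"(&(objectCategory=person)(objectClass=user)(memberOf={GROUP})"
         f"(!(userAccountControl:{BIT_AND}:=2)))")  # 2 = ACCOUNTDISABLE

def parse(f, i=0):
    """Parse the parenthesised filter at f[i]; return (node, next_index)."""
    if f[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    if f[i + 1] in "&|!":
        op, kids, i = f[i + 1], [], i + 2
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        return (op, kids), i + 1  # step over the closing ')'
    end = f.index(")", i)
    attr, value = f[i + 1:end].split("=", 1)  # DN values keep inner '='
    return ("item", attr, value), end + 1

def matches(node, entry):
    """Evaluate a parsed filter against one entry (attr -> list of str)."""
    if node[0] in ("&", "|"):
        results = [matches(k, entry) for k in node[1]]
        return all(results) if node[0] == "&" else any(results)
    if node[0] == "!":
        return not matches(node[1][0], entry)
    _, attr, value = node
    if attr.endswith(f":{BIT_AND}:"):  # true when every bit of value is set
        stored = entry.get(attr.split(":")[0], [])
        return any((int(v) & int(value)) == int(value) for v in stored)
    return any(v.lower() == value.lower() for v in entry.get(attr, []))

def user(name, uac, groups, mail=None):  # objectCategory in AD's short form
    return {"sAMAccountName": [name], "objectCategory": ["person"],
            "objectClass": ["top", "person", "user"], "memberOf": groups,
            "userAccountControl": [str(uac)], "mail": [mail] if mail else []}

SAMPLE = [user("asmith", 512, [GROUP], "asmith@example.org"),  # active member
          user("bjones", 514, [GROUP], "bjones@example.org"),  # 512|2: disabled
          user("cdoe", 512, [GROUP]),                          # no mail value
          user("dlee", 512, [], "dlee@example.org")]           # not in group

def preview_sync(query, entries):
    """Return (would_sync, matched_but_no_email) lists of usernames."""
    tree, _ = parse(query)
    hits = [e for e in entries if matches(tree, e)]
    return ([e["sAMAccountName"][0] for e in hits if e["mail"]],
            [e["sAMAccountName"][0] for e in hits if not e["mail"]])
```

Calling preview_sync(QUERY, SAMPLE) returns (['asmith'], ['cdoe']): the disabled account and the non-member are filtered out, and cdoe matches the filter but has no email address.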

  

Step 1. Create the AD Agent Configuration

  • Click on your name in the top right hand corner, and choose "Account Settings".
  • Click on "Agents" in the Miscellaneous section.
  • Click on the “+Add” option at the top right of the screen.
  • On the “Create Ad Agent Configuration” screen, fill in the fields and click “Save”.
    1. Name – This will be the name displayed in the list of Agents throughout SmartPager.
    2. Server URL – The URL of the AD server
    3. Username – Username of a user that is allowed to query the AD/LDAP server.
    4. BaseDN – The prefix for DN in the group mappings.
  • The settings will save and the new AD Agent Configuration will be listed on the “Agents” page. Take note of the “Token” that has been generated and displayed on the “Agents” page.  It will be needed for Step 3.

 

Step 2. Create the AD User Sync

  • In “Account Settings” click on “AD/LDAP User Sync” in the User Management section.
  • Click on the “+Add” option at the top right of the screen.
  • On the “AD/LDAP User Sync > New” screen, fill in the fields and click “Save”.
    1. Name – This will be the name displayed in the list of AD/LDAP User Syncs.
    2. Agent – This will be a drop down list of the Agents that exist in SmartPager. Select the one created in Step 1.
    3. Enable Authentication – Check this box if you will be using AD to authenticate the users when they sign in to SmartPager. This setting can be changed at a later time if you choose not to use authentication to start with.
  • The settings will save and additional settings will be displayed.
  • Field Mappings - These are the fields that will be synced for the users. The complete list of values supported by the user sync are:
    1. Username: by default, this is mapped to the AD field sAMAccountName
    2. Email: by default, this is mapped to the AD field mail
    3. First Name: by default, this is mapped to the AD field givenName
    4. Last Name: by default, this is mapped to the AD field sn
    5. Title
    6. Mobile Number
    7. Home Number
    8. Pager Email
  • Group Mappings - Configuration of at least one group mapping will allow for users to be synced.
    1. DN suffix – The BaseDN provided in the Agent is used. A DN suffix can also be provided if applicable.
    2. LDAP search query – The search query that will be used to find the users that will be synced to SmartPager.
    3. Group – Select from the list of permission groups available for the account. For example, if you are syncing a group of mobile users then the “Mobile Users” group can be selected. This permission group will be assigned to the users when they are synced.
    4. Is Admin group – check this box if the users in this group will be using a password in SmartPager instead of AD Authentication.
  • Department Mappings - Configuration of department mappings will assign the users to the specified department when they are synced.
    1. DN suffix – The BaseDN provided in the Agent is used. A DN suffix can also be provided if applicable.
    2. LDAP search query – The search query that will be used to find the users that will be synced to SmartPager.
    3. Department – Select from the list of departments available for the account.

 

Step 3. Download and install the AD Agent

  • In “Account Settings” click on “Download” in the User Management section.
  • Download the AD Agent.
  • From a computer behind your firewall that can both access the internet and access the AD server, install the AD Agent.
  • Once it has installed, open it and click on “Add” to add an AD Agent Configuration.
  • On the “Add AD Agent configuration” screen, fill in the fields and click “Continue”.
    1. Configuration name – This will be the name displayed in the list of Agents throughout SmartPager.
    2. TelmedIQ account domain – The URL for the SmartPager website in the form of <<subdomain>>.app.telmediq.com, for example demo.app.telmediq.com
    3. Ad Agent token – The token listed with the Agent configuration from Step 1.
  • When the "Modify AD Agent configuration" screen displays, fill in your password and click on "Test Credentials".
  • Once it is validated click on "Save".
  • The setup is now complete.

Notes:
- Use LDP to validate that filters retrieve the appropriate users.

- Use ADSI Edit (adsiedit.msc) to retrieve the DN for groups.
