Setting up Legacy AD User Sync and Authentication
There are 3 steps to configuring AD with Telmediq. Please note that this is for the old AD Agent.
Step 1. Create the AD Agent Configuration
Step 2. Create the AD User Sync
Step 3. Download, install and configure the AD Agent (Found here: https://downloads.telmediq.com/agent/latest/TelmedIQAgentSetup.msi)
Note: Users must have an email address to be synced into Telmediq.
Before you begin you will need the following information:
- The URL of the AD Server
- Username and password of a user that has both query and read permissions for the AD/LDAP server.
- Base DN – The prefix for DN in the group mappings.
- LDAP Search Query – The search query that will be used to find the users that will be synced to Telmediq.
An example LDAP Search Query:
(&(objectCategory=person)(objectClass=user)(memberOf=CN=Hospitalist,CN=Users,DC=telmediq,DC=local)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
A breakdown of the query is as follows:
- (objectCategory=person) – selects only objects belonging to the person category. This includes contacts and users.
- (objectClass=user) – selects only objects belonging to users. This includes system accounts and users.
- (memberOf=CN=Hospitalist,CN=Users,DC=telmediq,DC=local) – selects user objects that are a member of the group with the name “Hospitalist” belonging to the base DN of DC=telmediq,DC=local
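- (!(userAccountControl:1.2.840.113556.1.4.803:=2)) – selects only active objects by excluding accounts that have the disabled flag (value 2) set in userAccountControl; 1.2.840.113556.1.4.803 is the bitwise AND matching rule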
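The breakdown above, worked through as an added example (not Telmediq's code): a small Python evaluator applies the page's query to constructed sample entries and reports which accounts would sync and which match but lack the email address a synced user must have. It supports only AND/OR/NOT, equality and the bitwise AND rule; the `user` helper, the account names and the simplified objectCategory value ("person" stored directly) are assumptions.

```python
import re

GROUP = "CN=Hospitalist,CN=Users,DC=telmediq,DC=local"   # group DN from the page's query
FILTER = ("(&(objectCategory=person)(objectClass=user)(memberOf=" + GROUP + ")"
          "(!(userAccountControl:1.2.840.113556.1.4.803:=2)))")
BIT_AND = "1.2.840.113556.1.4.803"                       # AD bitwise-AND matching rule

def parse(s, i=0):
    """Parse the filter starting at s[i]; return (node, index just past it)."""
    if s[i + 1] in "&|!":                                # operator, then sub-filters
        op, kids, i = s[i + 1], [], i + 2
        while s[i] == "(":
            kid, i = parse(s, i)
            kids.append(kid)
        if s[i] != ")":
            raise ValueError(f"expected ')' at offset {i}")
        return (op, kids), i + 1
    end = s.index(")", i)                                # simple item: attr[:rule:]=value
    m = re.fullmatch(r"\(([\w-]+)(?::([\d.]+):)?=(.*)", s[i:end])
    if not m:
        raise ValueError(f"bad filter item at offset {i}")
    return ("item", m.group(1).lower(), m.group(2), m.group(3)), end + 1

def matches(node, entry):
    """Evaluate a parsed filter against one entry (lowercase attr -> list of str)."""
    if node[0] in "&|":
        return (all if node[0] == "&" else any)(matches(k, entry) for k in node[1])
    if node[0] == "!":
        return not matches(node[1][0], entry)
    _, attr, rule, want = node
    values = entry.get(attr, [])
    if rule == BIT_AND:                                  # all bits of `want` must be set
        return any(int(v) & int(want) == int(want) for v in values)
    return any(v.lower() == want.lower() for v in values)

def preview(entries, ldap_filter=FILTER):
    """Return (usernames that would sync, usernames matched but without an email)."""
    tree, _ = parse(ldap_filter)
    hits = [e for e in entries if matches(tree, e)]
    return ([e["samaccountname"][0] for e in hits if e["mail"]],
            [e["samaccountname"][0] for e in hits if not e["mail"]])

def user(name, uac, groups=(GROUP,), mail=()):           # builds a constructed sample entry
    return {"samaccountname": [name], "objectcategory": ["person"], "objectclass": ["user"],
            "useraccountcontrol": [str(uac)], "memberof": list(groups), "mail": list(mail)}
ENTRIES = [user("asmith", 512, mail=["asmith@example.org"]),     # enabled, has mail
           user("bjones", 514, mail=["bjones@example.org"]),     # 514 = 512 | 2: disabled
           user("cwu", 512),                                      # enabled, no mail
           user("svc-backup", 66048, groups=()),                  # not in the group
           user("dlee", 66048, mail=["dlee@example.org"])]        # other flag bits, enabled
```

Calling `preview(ENTRIES)` returns the accounts that would sync and, separately, the matched accounts that have no email address.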
Step 1. Create the AD Agent Configuration
- Click on your name in the top right-hand corner, and choose "Account Settings".
- Click on "AD Agents" in the Miscellaneous section.
- Click on the “+Add” option at the top right of the screen.
- On the “Create Ad Agent Configuration” screen, fill in the fields and click “Save”.
- Name – This will be the name displayed in the list of Agents throughout Telmediq.
- Server URL – The URL of the AD server
- Username – Username of a user that is allowed to query the AD/LDAP server.
- BaseDN – The prefix for DN in the group mappings.
- The settings will save and the new AD Agent Configuration will be listed on the “Agents” page. Take note of the “Token” that has been generated and displayed on the “Agents” page. It will be needed for Step 3.
Step 2. Create the AD User Sync
- In “Account Settings” click on “AD/LDAP User Sync” in the User Management section.
- Click on the “+Add” option at the top right of the screen.
- On the “AD/LDAP User Sync > New” screen, fill in the fields and click “Save”.
- Name – This will be the name displayed in the list of AD/LDAP User Syncs.
- Agent – This will be a drop-down list of the Agents that exist in Telmediq. Select the one created in Step 1.
- Enable Authentication – Check this box if you will be using AD to authenticate the users when they sign in to Telmediq. This setting can be changed at a later time if you choose not to use authentication to start with.
- The settings will save and additional settings will be displayed.
- Field Mappings - These are the fields that will be synced for the users. The complete list of values supported by the user sync are:
- Username: by default, this is mapped to the AD field sAMAccountName
- Email: by default, this is mapped to the AD field mail
- First Name: by default, this is mapped to the AD field givenName
- Last Name: by default, this is mapped to the AD field sn
- Title
- Mobile Number
- Home Number
- Pager Email
- Group Mappings - Configuring at least one group mapping allows users to be synced.
- DN suffix – The BaseDN provided in the Agent is used. A DN suffix can also be provided if applicable.
- LDAP search query – The search query that will be used to find the users that will be synced to Telmediq.
- Group – Select from the list of permission groups available for the account. For example, if you are syncing a group of mobile users then the “Mobile Users” group can be selected. This permission group will be assigned to the users when they are synced.
- Is Admin group – check this box if the users in this group will be using a password in Telmediq instead of AD Authentication.
- Department Mappings - Configuration of department mappings will assign the users to the specified department when they are synced.
- DN suffix – The BaseDN provided in the Agent is used. A DN suffix can also be provided if applicable.
- LDAP search query – The search query that will be used to find the users that will be synced to Telmediq.
- Department – Select from the list of departments available for the account.
Step 3. Download and install the AD Agent
The AD agent is a lightweight Windows service. It can be installed directly on a domain controller, an existing application server, or a VM. If a VM is needed, our recommendation is the newest version of Windows Server. The minimum requirements given are the minimum requirements to run this OS; as of the time of writing, they are listed below:
Windows Server 2016 Minimum System requirements:
- Processor: 1.4 GHz 64-bit processor
- RAM: 512 MB
- Disk Space: 32 GB
- Network: Gigabit (10/100/1000baseT) Ethernet adapter
- Optical Storage: DVD drive (if installing the OS from DVD media)
- Video: Super VGA (1024 x 768) or higher-resolution (optional)
- Input Devices: Keyboard and mouse (optional)
- Internet: Broadband access (optional)
- Download the AD Agent found here: https://downloads.telmediq.com/agent/latest/TelmedIQAgentSetup.msi
- From a computer behind your firewall that can both access the internet and access the AD server, install the AD Agent.
- Once it has installed, open it from the Start menu, or in Google Chrome open http://localhost:8080/, and click on “Add” to add an AD Agent Configuration.
- On the “Add AD Agent configuration” screen, fill in the fields and click “Continue”.
- Configuration name – This will be the name displayed in the list of Agents throughout Telmediq.
- Telmediq account domain – The URL for the Telmediq website in the form of <<subdomain>>.app.telmediq.com, for example, demo.app.telmediq.com
- Ad Agent token – The token listed with the Agent configuration from Step 1.
- The "Modify AD Agent configuration" screen displays. Fill in your password and click on "Test Credentials".
- Once it is validated, click on "Save".
- The setup is now complete.
Notes:
- Use LDP to validate that filters retrieve the appropriate users.
- Use ADSIEdit.msc to retrieve the DN for groups.