Note: this is an On-Premises feature only.
OpenAsset supports LDAP/Active Directory integration. To configure these settings, navigate to 'Security' > 'LDAP / Active Directory' within your Settings menu.
LDAP / Active Directory
OpenAsset can integrate seamlessly with Active Directory (AD) to perform the following tasks:
- Authenticate passwords
- Automatically detect new users and create access privileges for OpenAsset
- Find users in an unlimited number of AD folders
- Log users straight in with Single Sign-On
If OpenAsset is set up to talk to Active Directory then your users will need to enter their normal Windows passwords, these will stay in sync when they are forced to change them.
OpenAsset supports any LDAPv3 compliant directory server, which includes AD for server 2000 & 2003. AD integration only takes minutes to set up through a web interface.
The following information about each of your AD domains is summarised:
- Domain – AD domain
- Address – AD IP address
Navigate to 'Security' > 'LDAP / Active Directory' within your Settings menu. To edit a domain click 'Edit'.
The following items can be edited:
- Name – Locked
- Primary server address:port (optional)
- Secondary address:port (optional)
- Base path
- Management account
- Username field
- Full name field
- Use TLS encryption
- Email field
Click 'Save Changes' to save you changes.
Add New Container
Containers can be very useful if your company has more than one branding style. Containers can be used to set up 'themes', 'templates' and other preferences for different branding needs within one company. For example, if you have offices in more than one country, the branding may be different for each office.
To add a new container to the AD domain click 'Add New Container'. Enter the name of the new container and click 'Add Container' to save you changes. This will take you to the next screen, make any changes needed, at this stage you can ask OpenAsset to look in any sub-containers by ticking the 'Include Sub-containers' box.
Click 'Save Changes'.
To edit a container click 'edit'. The following items can be edited:
- Include sub containers
It is not usually necessary to set the default groups according to LDAP / Active Directory containers, it is often sufficient to set the global default groups.
LDAP Container Search Order
The 'display order' field for an LDAP / Active Directory container allows you to control the order in which containers are searched when locating a user account.
Multiple LDAP Domains
If you have more than one LDAP / Active Directory domain please contact support for guidance on configuration.