Active Directory Integration
KB Article #:
82259
Summary:
Active Directory Integration
Description:

Resolution:

  • First, some clarification:
    • What is entered into the Email box under Employee Setup in Ajera does not represent any actual email address.
    • It must be the Active Directory user account name, followed by @ and the Email domain entered in Company Preferences.
  • If the setup looked like this:
    • AD_USER @ AD_DOMAIN.COM
    • EMAILBOX @ EMAIL_DOMAIN.COM
  • In Ajera Employee Setup enter this:
    • AD_USER @ EMAIL_DOMAIN.COM
  • To use the AD integration do the following:
    1. In Company > Preferences > System Settings tab
    2. Select the Email Login Type. Check the Use Active Directory Login box
    3. Enter the email domain used in Employee Setup as the Email domain. This domain is not accessed. It is only used to compare with the domain entered at login to see if Active Directory integration should be used.
    4. In the example above it would be EMAIL_DOMAIN.COM
    5. Enter the Active Directory domain that will be accessed to retrieve passwords as the Lookup domain.
    6. In the example above it would be AD_DOMAIN.COM
    7. In Employee Setup, enter AD_USER @ EMAIL_DOMAIN.COM for each user.

Notes:

  • Purposely (and temporarily) alter the email domain of the email in Employee Setup for the Ajera administrator so that it does not match the email domain listed in the System Settings tab in Company Preferences. This means the administrator will not be using AD integration but will just enter the altered email and the password listed in Employee Setup to log in (email login). This allows testing with another employee's email and AD password to see if the integration is working. If things are not set up correctly, you can still log in as the Ajera administrator and access Company – Preferences by using the altered email and the Ajera password. Once Active Directory Integration is working properly, change the Ajera administrator's email domain to the correct one and the Ajera administrator can start logging in using their AD password.
  • If the email username and the AD username are not the same then the email in Ajera setup is not an actual email and Alerts will not work correctly. Alerts, when triggered, will email the AD email in Employee Setup. If this is not the same as the actual email address, the email will fail.

How Ajera determines what username and password to accept when set to Active Directory Logon:

  • What Ajera does is look at the email entered as the username during login
  • It then looks in Ajera employees to find a match. If there is no match, the login will fail.
  • If it matches, it then looks to see if the email's domain matches the email domain in Settings.
  • If it does not match, Ajera will use the password listed under employee setup that uses the matching email (email login).
  • If it does match, it will then query the AD server for the domain listed under Lookup Domain in Settings using the AD email account and the lookup domain together. This should actually match the AD user account and domain.
  • If the user account is found in that AD domain it will use the password for that AD account (AD Integration login).
  • If the user account is not found the login will fail.
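
The decision flow above, modeled as an added example for troubleshooting which path a given login will take. This is not Ajera's code: the function and variable names, the case-insensitive comparison, the constructed sample data, and the altered admin domain EMAIL_DOMAIN.TEST are assumptions.

```python
# Added illustration of the login decision flow described in this article.
# Not Ajera code; case-insensitive matching is an assumption.
from dataclasses import dataclass

@dataclass(frozen=True)
class Settings:
    email_domain: str   # "Email domain" in System Settings (compared, never accessed)
    lookup_domain: str  # "Lookup domain": the AD domain that is queried

def login_path(login, employee_emails, ad_accounts, s):
    """Return (path, detail) for a login name when AD login is enabled.

    employee_emails: values of the Email box in Employee Setup
    ad_accounts: constructed stand-in for accounts that exist in the lookup domain
    """
    name = login.strip().lower()
    if name.count("@") != 1:
        return ("fail", "not in user@domain form")
    if name not in {e.strip().lower() for e in employee_emails}:
        return ("fail", "no matching employee")
    user, domain = name.split("@")
    if domain != s.email_domain.lower():
        # Domain differs from Settings: plain email login, Ajera password
        return ("email_login", "password from Employee Setup")
    # Domain matches: AD is queried with the user part plus the lookup domain
    principal = f"{user}@{s.lookup_domain.lower()}"
    if principal in {a.lower() for a in ad_accounts}:
        return ("ad_login", principal)
    return ("fail", f"{principal} not found in lookup domain")

# Constructed sample data based on the article's AD_USER / EMAILBOX example
SETTINGS = Settings("EMAIL_DOMAIN.COM", "AD_DOMAIN.COM")
EMPLOYEES = [
    "AD_USER@EMAIL_DOMAIN.COM",   # set up as the article instructs
    "EMAILBOX@EMAIL_DOMAIN.COM",  # mistake: real mailbox name, not the AD user
    "ADMIN@EMAIL_DOMAIN.TEST",    # administrator with temporarily altered domain
]
AD_ACCOUNTS = ["AD_USER@AD_DOMAIN.COM", "ADMIN@AD_DOMAIN.COM"]

if __name__ == "__main__":
    for login in EMPLOYEES + ["NOBODY@EMAIL_DOMAIN.COM"]:
        print(login, "->", login_path(login, EMPLOYEES, AD_ACCOUNTS, SETTINGS))
```

The second employee shows the common setup error: the mailbox name matches an employee and the email domain, so AD is queried, but no such account exists in the lookup domain and the login fails.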