...
Info |
---|
The integration services described herein require additional one-time and/or annual fees. For more information, please contact us. |
When the learning environment is integrated with your Active Directory (Microsoft Entra ID, formerly known as Azure AD) via LDAPS, it can:
Auto-discover users in your AD / Entra ID server and create their accounts in the learning environment (e.g. download their information).
Update the users' information in the learning environment (i) once a day (for all users) and (ii) every time a user logs in to the learning environment (for that specific user account).
Authenticate the users directly against AD / Entra ID each and every time they try to log in to the learning environment.
Rename users in the learning environment if they are renamed in Active Directory.
IMPORTANT NOTE: The learning environment neither downloads nor stores the user's password. It sends a request to your AD / Entra ID server each and every time a user tries to log in.
User Information
In order for AD LDAPS authentication to work, the learning environment needs to store some user information in its database. At a minimum, it needs the following information:
...
If this information is stored in your AD / Entra ID, then the learning environment can auto-discover users in your AD / Entra ID server and create or update their accounts in the learning environment's database. Otherwise, if those 4 fields are not available, the learning environment can import user profile information from your HRIS (Human Resources Information System) or even a CSV file. The source of the information is not important, but it is important that the information be available. The learning environment will not create user accounts if any of the above 4 fields are missing.
...
You must accept SSL requests (LDAPS) from the learning environment on a secure port (usually port 636). This means that your firewall will need to allow requests from the learning environment over a secure port (usually port 636).
You will need to create a non-privileged AD user account that will be used to bind the learning environment to AD. Make sure this account and its password do NOT expire. Should it expire, the synchronization and authentication of your users will no longer work.
Domain-Based Authentication
Info |
---|
This feature is only available to organizations that have subscribed to the Multi-site version of the system. For more information, please contact us. |
In a /wiki/spaces/Healthcare/pages/34844303, it's quite common for the learning environment to connect to multiple Active Directory servers. In many cases, there could be conflicts between the usernames across two or more Active Directory servers. For example, there could be a user with the username "jsmith" in both Active Directory servers.
The multi-site version of the learning environment supports domain-based authentication. When enabled, the system can allow two users with the same Active Directory username (e.g. samAccountName) to log in to the learning environment by specifying their domain as per the screenshot below.
...
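The following is an added example, not the vendor's code, of how a login can be resolved when several directories contain the same username: the domain selects the directory, the username is escaped before it enters the LDAP search filter, and an empty password is refused before any bind is attempted. The directory names, hosts, base DNs and the `plan_login` and `escape_filter_value` functions are hypothetical.

```python
# Added illustration; not the learning environment's actual code.
# Directory names, hosts and base DNs below are constructed samples.
DIRECTORIES = {
    "HOSPA": {"url": "ldaps://dc1.hosp-a.example:636", "base_dn": "DC=hosp-a,DC=example"},
    "HOSPB": {"url": "ldaps://dc1.hosp-b.example:636", "base_dn": "DC=hosp-b,DC=example"},
}

class LoginRejected(Exception):
    """Raised before any request is sent to a directory server."""

def escape_filter_value(value):
    """Escape RFC 4515 special characters so input cannot change the filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def plan_login(username, password, domain=None, directories=DIRECTORIES):
    """Return (domain, url, base_dn, search_filter) for one login attempt."""
    if not password:
        # A simple bind with an empty password is an unauthenticated bind
        # (RFC 4513, section 5.1.2) and can be reported as success.
        raise LoginRejected("empty password")
    username = username.strip()
    if not username:
        raise LoginRejected("empty username")
    if domain is None:
        # "jsmith" may exist in several directories: never guess which one.
        if len(directories) != 1:
            raise LoginRejected("domain required")
        domain = next(iter(directories))
    key = domain.strip().upper()
    if key not in directories:
        raise LoginRejected("unknown domain")
    target = directories[key]
    if not target["url"].lower().startswith("ldaps://"):
        raise LoginRejected("directory is not configured for LDAPS")
    search_filter = "(&(objectClass=user)(sAMAccountName=%s))" % escape_filter_value(username)
    return key, target["url"], target["base_dn"], search_filter

if __name__ == "__main__":
    # The same username resolves to a different server per domain.
    print(plan_login("jsmith", "correct horse", "hospa"))
    print(plan_login("jsmith", "correct horse", "hospb"))
```

The returned tuple is what an LDAP client would need to look up the user's DN and then bind as that user with the supplied password; the password itself is never stored.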
Important Notes
The learning environment neither downloads nor stores the user's password. It sends a request to your Entra ID server each and every time a user tries to log in.