This feature is disabled by default and needs to be enabled and configured by Dual Code. The integration services described below require additional one-time and/or annual fees. For more information, please contact us.

Many hospitals and healthcare organizations use Active Directory (Microsoft Entra ID, formerly known as Azure AD) to manage user passwords. The learning environment can synchronize and authenticate users against your organization's AD using the LDAP protocol. When enabled, the learning environment will:

  1. Import all users from your AD to the learning environment
  2. Synchronize the user's information (i) once a day (for all users) and (ii) every time the user logs in to the learning environment (for that specific user account)
  3. Authenticate the users directly against AD instead of verifying their username and password in the learning environment.

User Information

In order for AD authentication to work, the learning environment needs to store some user information in its database. It therefore needs to import the following information (at a minimum) from AD for each user account:

  • Username
  • First name
  • Last name
  • Email address

The rest of the information (i.e. job title, department, telephone) is optional and does not need to be imported into the learning environment. If you decide NOT to import additional information, however, please note that this information will not be available in the various reports and learning records available in the learning environment.

Assumptions

There are a few rules that need to be respected in order for the integration to work:

  1. You must be using a single domain as the source of your authentication data in order for the integration to work. The use of multiple domains is not supported by the learning environment.
  2. You must accept SSL requests (LDAPS) from the learning environment on a secure port (usually port 636). This means that your firewall will need to allow those requests from the learning environment.
  3. You will need to create a non-privileged AD user account that will be used to bind the learning environment to AD. Make sure this account and its password do NOT expire. Should it expire, the synchronization and authentication of your users will no longer work.

Configuration Information

Dual Code will need the following information in order to complete the configuration of the AD integration:

  • Server URL: The IP of your Active Directory server (ex: ldaps://myactivedirectory.com:636)
  • LDAP protocol (ex: version 3)
  • Server Encoding: Encoding used by AD (ex: UTF-8)
  • Bind DN: The distinguished name of the bind user (ex: CN=bind-user,CN=Users,DC=example,DC=com)
  • Bind Password: The bind user password
  • User Context: The DN of the context (container) where all of your users are found (ex: ou=moodleusers,dc=example,dc=com)
  • User Attribute: The attribute used to name/search users in AD. (ex: sAMAccountName or cn)
  • The exact attribute name of all the attributes in Active Directory that you want to upload to the learning environment (ex: first_name, last_name, department, job_title, telephone)
  • The URL of the web page where users can reset their password (ex: https://resetpassword.myorganization.com)
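
Before sending these values to Dual Code, they can be sanity-checked against the assumptions listed earlier (LDAPS on port 636, a single domain). The script below is an added example, not Dual Code's tooling: the dictionary keys are hypothetical names for the settings above, and comparing the DC components of the Bind DN and the User Context is only a heuristic for the single-domain rule.

```python
import re
from urllib.parse import urlsplit

def split_dn(dn):
    """Split a DN into (attribute, value) pairs; '\\,' is not a separator (simplified)."""
    rdns = []
    for part in re.split(r"(?<!\\),", dn):
        attr, sep, value = part.strip().partition("=")
        if not (sep and attr.strip() and value.strip()):
            raise ValueError(f"malformed component {part!r} in DN {dn!r}")
        rdns.append((attr.strip().lower(), value.strip()))
    return rdns

def domain_of(dn):
    """Join the DC components of a DN into a dotted domain name."""
    return ".".join(v.lower() for a, v in split_dn(dn) if a == "dc")

def preflight(cfg):
    """Return the problems found in the settings; an empty list means none."""
    problems = []
    url = urlsplit(cfg["server_url"])
    if url.scheme != "ldaps":
        problems.append(f"Server URL uses {url.scheme or 'no scheme'}, expected ldaps")
    if (url.port or 636) != 636:
        problems.append(f"port {url.port} is not 636: check the firewall rule")
    if cfg["ldap_version"] != 3:
        problems.append("LDAP protocol version is not 3")
    try:
        bind_dom, user_dom = domain_of(cfg["bind_dn"]), domain_of(cfg["user_context"])
        if bind_dom != user_dom or not bind_dom:
            problems.append(f"Bind DN domain {bind_dom!r} != User Context domain {user_dom!r}")
    except ValueError as exc:
        problems.append(str(exc))
    if not re.fullmatch(r"[A-Za-z][A-Za-z0-9-]*", cfg["user_attribute"]):
        problems.append("User Attribute is not a valid LDAP attribute name")
    return problems

# Constructed sample settings, built from the example values on this page.
GOOD = {"server_url": "ldaps://myactivedirectory.com:636", "ldap_version": 3,
        "bind_dn": "CN=bind-user,CN=Users,DC=example,DC=com",
        "user_context": "ou=moodleusers,dc=example,dc=com",
        "user_attribute": "sAMAccountName"}
# Constructed bad variant: plain LDAP on 389 and users in a second domain.
BAD = dict(GOOD, server_url="ldap://myactivedirectory.com:389",
           user_context="ou=staff,dc=other,dc=org")

if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, preflight(cfg) or "no problems found")
```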

Testing Procedure

In order for Dual Code to properly test that the authentication works, we generally like to have 1 or 2 user accounts created for testing purposes. These accounts allow us to log in to the LMS using Active Directory credentials just like your users would.

The learning environment allows the synchronization and authentication of users against your organization's Entra ID server using SAML 2.0 or LDAPS.
