Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 15 Next »

The integration services described below generally require a one-time integration fee. For more information, please contact us.

Many hospitals and healthcare organizations use Active Directory (AD) to manage their users' credentials (username and password) and to some extent, user profile information (i.e. first name, last name, group). The learning environment allows the synchronization and authentication of users against your organization's AD using the LDAP protocol. When enabled, the learning environment will:

  1. Import users from your AD to the learning environment
  2. Synchronize the user's information (i) once a day (for all users) and (ii) every time the user logs in the learning environment (for that specific user account)
  3. Authenticate the users directly against AD instead of verifying their username and password in the learning environment.

User Information

In order for AD authentication to work, the learning environment needs to store some user information in its database. At a minimum, it needs the following information:

  • Username
  • First name
  • Last name
  • Email address

If this information is stored in your AD, then the learning environment can import it directly from AD. Otherwise, it can import it from your HRIS (Human Resources Information System) or even a CSV file. The source of the information is not important, but it is important that the information be available. The learning environment will not create user accounts if any of the above 4 fields are missing.

The rest of the information (i.e. job title, department, telephone) is optional and does not need to be imported in the learning environment. If you decide not to import additional information however, please note that this information will not be available in the various reports and learning records available in the learning environment.

Assumptions

There are a couple of rules that need to be respected in order for the integration to work:

  1. You must accept SSL requests (LDAPS) from the learning environment on a secure port (usually port 636). This means that your firewall will need to allow requests from the learning environment over a secure port (usually port 636).
  2. You will need to create a non-privileged AD user account that will be used to bind the learning environment to AD. Make sure this account and its password do NOT expire. Should it expire, the synchronization and authentication of your users will no longer work.

Configuration Information

Dual Code will need the following information in order to complete the configuration of the AD integration:

  • Server URL: The IP of your Active Directory server (ex: ldaps://myactivedirectory.com:636)
  • LDAP protocol (ex: version 3)
  • Server Encoding: Encoding used by AD (ex: UTF-8)
  • Bind DN: The distinguished name of the bind user (ex: CN=bind-user,CN=Users,DC=example,DC=com)
  • BIND Password: The bind user password
  • User Context: The DN of the context (container) where all of your users are found (ex: ou=moodleusers,dc=example,dc=com)
  • User Attribute: The attribute used to name/search users in AD. (ex: sAMAccountName or cn)
  • The exact attribute name of all the attributes in Active Directory that you want to upload to the learning environment (ex: first_name, last_name, department, job_title, telephone)
  • The URL of the web page where users can reset their password (ex: https://resetpassword.myorganization.com)

Testing Procedure

In order for Dual Code to properly test that the authentication works, we generally like to have 1 or 2 user accounts created for testing purposes. These accounts allow us to log in the LMS using Active Directory credentials just like your users would.

 

  • No labels