Tip:
Highlight text to annotate it
X
SPEAKER: If your team uses any of the SoftwarePlanner Suite
of Products, including ALMComplete, DevComplete, or
QAComplete, with the On-Premises Edition, formally
called the Enterprise Edition, you have some additional
capabilities that allow you to secure things
using Active Directory.
By utilizing the Active Directory Authentication, it
simplifies the password management for your team.
With this Active Directory authentication, it allows your
team to authenticate SoftwarePlanner login
passwords using the Active Directory password that you've
previously set up.
It also allows SoftwarePlanner accounts to be automatically
set up if a new user is added to Active Directory but not
yet set up in SoftwarePlanner.
Finally, it also allows users that have been disabled from
Active Directory to automatically be disabled from
SoftwarePlanner.
So if one of your team members leaves your company and you
disable them from Active Directory, it'll automatically
disable them from SoftwarePlanner.
Before your team can use the active directory
configuration, you'll first need to give security
authority to the right group of people to allow them to set
this preference up.
To do that, go into the set up area, then go into Security,
and then go into Security Groups.
If your security administrators are the ones
that normally set up the preferences for the
application, that might be a good set of people to give
that right to.
And to do that, you simply go to the Security Group, press
on the Manage Security Rights area, and then it'll take you
to a list of rights.
If you scroll down to the bottom of the list of rights,
one of the items that you're going to see here is called
Manage Active Directory Authentication.
As long as this group of people have that access, then
you'll be able to manage that Active Directory
Authentication directly here from the product.
To get to that area once that's checked, go to System
Configuration, then Active Directory Authentication.
Once here, you'll put in your LDAP
connection URL in this field.
You'll also put in your domain and your domain controller
right here in the user base area.
The look up username is the Active Directory name that you
would like for it to use when it looks up the information
about a user as they log in.
And then the password for the user look up would be your
Active Directory password that has the credentials to be able
to look up user accounts during a login process.
The Query Attribute allows you to specify how you would like
those user accounts to be looked up.
For example, within the SoftwarePlanner line of
products, all of the user accounts are
set up by email address.
The Query Attribute here can be set up for account name.
So if you don't carry the email address inside of Active
Directory, then you can use, for example, an account name.
If you prefer to use email, you can use
email in this area.
Once you've defined your LDAP connection information, you
can also test your LDAP authentication by simply
typing in your email address, password, and your Active
Directory account user look up value here.
And then it will query your Active Directory to ensure
that the connection is valid.
The last part of the set up area allow you to tailor how
SoftwarePlanner Active Directory options will work.
For example, log each Active Directory password
authentication.
This option allows you to post all of the authentication
events to an audit file.
This is great for troubleshooting and Active
Directory authentication or configuration issues.
The next area says, at login automatically create a new
SoftwarePlanner account if successfully authenticated in
Active Directory.
You want to check this box if you want your Active Directory
users to automatically set up in SoftwarePlanner without any
intervention from you.
You must be using an email address as the Query attribute
for this particular process to work.
The next four fields on the screen are the default
settings for SoftwarePlanner users created from Active
Directory authentication, which occurs
when this is checked.
For example, what project do you want those new users to be
added to automatically?
All projects, or a specific project?
When the new users are added to the security group, which
security group should they be added to?
You can choose that here.
You can also choose a default time zone for any new users
that are added.
So if most of your people are here in, let's say, the
Eastern part of the United States, you might want to
choose GMT minus 5.
Finally, if you'd wanted to send an email to one or more
people once a new user was added automatically, you can
type in your email address here and it will send the
appropriate email when someone new is added.
Next, you'll see an area here where you can actually specify
that a new user was set up.
For example, this is the email body that would be sent to the
person in this send notification email to.
So if you wanted to have the email say that a new Active
Directory user has been added to SoftwarePlanner, that's
what the email will say once you receive that email.
The final option here says at log on, if the user cannot be
found in Active Directory, do you want to do disable that
SoftwarePlanner user account?
This is a good option because if you have set it up so that
maybe a person from your team leaves your company and you
disable them in Active Directory, this particular
item here will prevent them from logging in to
SoftwarePlanner.
Because it'll automatically disable that account once it
figures out that the Active Directory
account has been disabled.
Once your Active Directory is set up and you've tested the
authentication, the next thing that you'll want to do is
begin setting up users within SoftwarePlanner.
To do that, you simply go to the users area, and if you'd
like to add a new user you can press Add New.
Once here, fill in all of the details.
The information that's related to the Active Directory is
down here, Active Directory User.
If you check that, as the person logs in, rather than
confirming the password that's stored here inside of
ALMComplete, it will verify against the
Active Directory password.
Once this is set up as an Active Directory user, you'll
also need to specify here what the Active Directory
account set up is.
For example, if you're doing it by Active Directory name,
then it might be the last name comma first name.
If you're doing the look up by email address, then it might
be an email address.
So as you can see here, you can have some users within
SoftwarePlanner use Active Directory for their security
needs, while others don't use Active Directory.
So it gives you a lot of flexibility in
how you can use this.
This concludes the topic of Active Directory
authentication.
We hope you enjoyed this feature.