Clients that are using our On-Premises solution have the option of using Active Directory (AD) for passwords, allowing them to reduce the number of passwords each user needs to remember for each system they access.
When the Active Directory authentication is configured, your team members can use the Active Directory authentication instead of the built-in password authentication of QAComplete.
When a check box in the profile record of the user is selected, the user authenticates with Active Directory instead of the QAComplete authentication. If using Active Directory, the login takes the lookup value for the user from their user profile, checks Active Directory to find out what attribute to use to validate the value (the lookup value in the query attribute that you have decided on), and performs the authentication.
To set up the Active Directory authentication, you will need to gather certain information:
- LDAP Connection URL
- User base
- Lookup user name and password
This data is used to access Active Directory and perform the authentication. The setup also needs to know a default project, security group and time zone for new users created from Active Directory, and who needs to be notified when the users are added.
If using an email address as the query attribute, you can add an additional layer of security. If the user is not found in Active Directory but is found in Security > Users, the email login address can be automatically disabled in Users. This allows you to switch completely over to Active Directory and turn off any existing logins that you no longer want.
In another scenario, if the user is found and authenticated in Active Directory but is not a QAComplete user, you can choose to automatically create a valid user.