Active Directory – Help Desk Premier Integration
Active Directory Integration Introduction
Help Desk Premier seamlessly integrates with your Active Directory environment to synchronize the users between the two systems based on simple and flexible rules. The rules designate which AD users, based on their group or OU, have access to Help Desk Premier, and what user type (Technician, Requester or Admin) and security role(s) they are granted. For instance, an AD group for your help desk technicians can easily be mapped to Help Desk Premier security roles, granting those users access to the areas of Help Desk Premier that you would want a technician to have. Or you can map an AD group to Help Desk Premier, but designate those users as Requesters. You can then grant them access to the Customer Self Service Portal.
The following document gives you step-by-step detail on synchronizing AD users into Help Desk Premier.
Active Directory Integration Pre-Requisites
In order to use AD Integration you will need to be familiar with the following:
- Active Directory Domain: You will need to provide the details for setting up connectivity with your Domain.
- Help Desk Premier Security Roles and Organizations: If you choose to use either of these, you will need to define them before starting the AD integration.
Active Directory Integration User Interface
- Launch the Active Directory Integration option from the Side Navigation Panel. It can be found under the Administration panel, and is specifically located under Users | Active Directory.
- The Active Directory Integration interface has two modes. The initial mode shows a list of domains (if any have been defined), and allows you to create synchronization rules for any defined groups or OU’s in those domains.
- This mode of the AD Integration Interface is divided into four sections:
- Toolbar – contains different action buttons, such as Add Domain and Sync Settings.
- Left pane – lists your domains and the Active Directory groups and OU’s for which you can create synchronization rules.
- Middle pane – Shows list of Active Directory Users for selected group or OU.
- Right action menu – Contains a list of actions that can be taken against the selected item (domain, group, etc). Only applicable action items will be enabled based on what you have selected in the other sections. For example, if you have selected an Active Directory group that does not have a rule currently defined for it, the “Add Rule” action item will become enabled because you can add a rule for that group. However, if you select an AD group that already has a rule defined, the Edit Rule button will become enabled.
- If you click “View Rules” from the toolbar, the interface changes to show you a list of all defined rules, and allows you to run or modify any of them.
- The View Rules button changes to View Domains, which will take you back to the domain view you were on previously.
Click Sync Settings on the toolbar to define what Active Directory data will be imported into Help Desk Premier. The standard Active Directory fields will appear and be selected by default:
If you utilize custom fields in Active Directory and wish to map these to Help Desk Premier custom fields, just click the checkbox labelled “Display custom fields available for users in active directory” (highlighted above) and the Custom Fields tab will become visible.
Custom Fields: The Custom tab lists all of the custom attributes that exist in your installation of Active Directory. The information in these attributes can be imported as custom fields in Help Desk Premier. Note: by default the custom fields will be created in Help Desk Premier with the same name as they have in Active Directory, but if you would like to change the name, you can do so by modifying the content in the textbox. For example, if you wish to import “extensionAttribute 1” as “SSN” you can change it on this tab.
Once you have defined the fields you wish to import from Active Directory, click “Save” to save all the Sync settings. If you do not wish to save your changes, click “Cancel”.
Defining a Domain
In order to synchronize your data from Active Directory, you must, of course, provide your domain information. To do this:
- If you are not already on the Domain View, click “View Domains”.
- Click Add Domain.
- Provide the necessary information to access your Active Directory.
On the above “Add Domain” dialog, enter the following:
- Name: Enter the Fully Qualified Domain Name (FQDN) in the Domain Name field.
- Domain Controller (optional, depending on your environment) – Enter the server name. A domain controller holds a copy of the Active Directory for the domain to which it belongs.
Note: Name and Domain Controller are typically the same value, which is the fully qualified domain name (e.g. brightbox.com).
- NetBIOS Name: Enter the NetBIOS name in the NetBIOS Name field.
By default, it is the top level qualifier of the domain name (NetBIOS names have a limit of 15 bytes). Therefore, if your FQDN is brightbox.com, the NetBIOS Name might be “brightbox”.
Check with your network administrator to be sure of the NetBIOS name.
- User ID: Enter the User ID of a domain administrator in the User ID field.
- Password: Enter the password for the User ID in the Password field (this value is encrypted in the Help Desk Premier database).
- Click Save.
Additional domains can be added by repeating the same add domain process.
When viewing Domains, any Groups or OU’s with a rule defined will have a green check mark beside them. You can click on this Group or OU to see the associated users.
Once you have selected a Group or OU, you can edit or delete the rule, or perform a variety of other actions on it through the Actions panel on the right:
Looking more closely at the Actions panel, these are the actions you can perform:
Add Rule – Only enabled if a rule is not already defined for this group or OU. This allows you to create a rule for synchronization.
Edit Rule – Only enabled if a rule is already specified for this group or OU. With this option you can modify the settings on the particular rule.
Delete Rule – Allows you to delete an existing Rule.
Synchronize – This will be enabled if you have clicked on (selected) a particular group or OU with an existing rule. This option will run the synchronization process for that rule only.
Set Schedule – Since synchronization between Active Directory and Help Desk Premier typically runs on a schedule, you can use this option to specify how frequently you would like the rule to be synchronized (every hour, once per day, etc).
Change Sequence – Rules are assigned a priority, meaning that if a user exists in more than one group or OU with a rule defined, the rule with the higher priority will take precedence. Use this option to change the sequence, and therefore the priority, of the defined rules.
Last Sync Log – Allows you to view the log file for the most recent synchronization.
Add or Edit Rule
When you click Add Rule or Edit Rule, the following window will appear:
This window is essentially requesting the same information as the People Setup window in Help Desk Premier. That is, you must specify the same type of information so that when Help Desk Premier copies a user from Active Directory to Help Desk Premier, it knows what characteristics to give that user. For instance, are they a Technician? Are they a Requester? What Security Role should they have?
The fields on the above window are:
Rule Name – Simply give the rule a name, which will typically be based on the name of the Active Directory Group or OU. This is used to easily identify the rule from the View Rules window.
Apply to all Sub-Groups and OU’s – If an Active Directory group has nested groups or OU’s, checking this box will cause them to be included in the synchronization process along with the parent item.
Inactive – Simply check this box if you wish to inactivate the rule (prevent it from running) without deleting it.
People Template – Help Desk Premier has extensive customization capabilities, including custom templates for People (Technicians and Requesters). If you wish to specify a particular template to be used for people being synchronized by this rule, specify it here. Otherwise the System Template (default) will be used.
User Type – This tells Help Desk Premier whether the person is an Administrator, a Technician or a Requester. If you select Administrator, the user will automatically be granted full access to Help Desk Premier, including all features and data. If you select this, you will notice that other items become disabled, such as other User Types, Logon Privileges, etc. That is because none of these options apply to an Administrator, as they are automatically granted all privileges.
If you select Technician or Requester, this means the user will appear in lists of Technicians and/or Requesters when performing various functions in Help Desk Premier (assigning Tickets, etc). However, this alone does not grant the user access to the application. You may wish to create a Requester, for example, but not grant them access to the Self Service Portal. In this way, you can still list them as the Requester for a ticket without granting them logon privileges. The same is true for Technicians: you can designate a person as a Technician but not grant them access to the application. Perhaps you have a consultant or outside vendor who resolves tickets for you. This will allow you to list them on a ticket without consuming a user license for that person. Only users with logon privileges will count against your license.
Logon Privileges – This section does not apply to Administrators. As mentioned earlier, they are automatically granted access to all areas of Help Desk Premier. If you wish a user designated as a User Type of Technician to have logon privileges to the Technician Portal, you should select the Technician Portal box here. Likewise, if you wish a person with a user type of requester to have logon privileges to the self-service (requester) portal, check the Requester Portal checkbox.
Note: A user can be designated as both a Technician and a Requester and have access to both portals.
Organization – If you are associating people with organizations (which is not required) you may specify what Organization these users will be placed into when synchronized with Help Desk Premier.
View Tickets Reported By – This option only applies to Requesters who have access to the Self-Service (Requester) Portal. Requesters may be granted access to view only their tickets (tickets submitted by them), all tickets submitted by their department, or all tickets submitted by their organization. You can specify their level of viewing privileges here.
Security Roles – For Technicians, Security Roles stipulate what features of the application the user has access to, as well as what data they can see (their own tickets, all tickets, etc). If you wish, you can assign a Technician to one or more security roles here.
Technician Groups – Technician Groups are merely logical organizations (or groupings) of Technicians. This is not related to security, but is a way to organize technicians to make it easier to assign tickets or notify technicians about tickets. If you wish, you can assign one or more technician groups for this Active Directory role in this area.
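Because a rule with User Type set to Administrator grants full access, and “Apply to all Sub-Groups and OU’s” pulls in nested members, it helps to preview the effective membership in Active Directory before the rule runs. The script below is an added example, not part of Help Desk Premier; it uses the ActiveDirectory PowerShell module, the group names are constructed placeholders, and it assumes group-based rules where the first rule in sequence wins.

```powershell
# Added example, not vendor code. Group names are constructed placeholders.
Import-Module ActiveDirectory

# AD groups that have a rule, in rule sequence order (first = highest priority),
# with the User Type each rule assigns. Assumption: the first matching rule wins.
$rules = @(
    [pscustomobject]@{ Group = 'HDP-Admins';      UserType = 'Administrator' }
    [pscustomobject]@{ Group = 'HDP-Technicians'; UserType = 'Technician' }
    [pscustomobject]@{ Group = 'HDP-Requesters';  UserType = 'Requester' }
)

$effective = [ordered]@{}   # SamAccountName -> report row
foreach ($rule in $rules) {
    # Direct user members only (what the rule covers without sub-groups).
    $direct = @(Get-ADGroupMember -Identity $rule.Group |
        Where-Object { $_.objectClass -eq 'user' } |
        ForEach-Object { $_.SamAccountName })

    # -Recursive flattens nested groups, approximating "Apply to all Sub-Groups".
    $all = Get-ADGroupMember -Identity $rule.Group -Recursive |
        Where-Object { $_.objectClass -eq 'user' }

    foreach ($user in $all) {
        $name = $user.SamAccountName
        if ($effective.Contains($name)) {
            # A higher-priority rule already claimed this user; record the overlap.
            if ($effective[$name].ViaRule -ne $rule.Group) {
                $effective[$name].AlsoMatches += $rule.Group
            }
            continue
        }
        $effective[$name] = [pscustomobject]@{
            User        = $name
            UserType    = $rule.UserType
            ViaRule     = $rule.Group
            NestedOnly  = $name -notin $direct   # reached only through a sub-group
            AlsoMatches = @()                    # lower-priority rules that also match
        }
    }
}

$report = $effective.Values
$report | Sort-Object UserType, User | Format-Table -AutoSize

# Accounts that would become Administrators only through a nested group.
$report | Where-Object { $_.UserType -eq 'Administrator' -and $_.NestedOnly } |
    Format-Table User, ViaRule -AutoSize
```

Any account in the second table would receive full access without being a direct member of the mapped group, and a non-empty AlsoMatches column marks users whose result depends on the Change Sequence order.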
Synchronizing Your Rules
Once your rules have been defined, you can synchronize them in one of three ways:
- Synchronize selected rule(s) manually.
- Synchronize all rules manually (all at once).
- Let your rules synchronize on a specified schedule.
To synchronize a rule manually, you can select that rule (or multiple rules) from the View Rules window and click “Synchronize” from the Actions panel:
You can also synchronize a single rule manually from the View Domains window by selecting that Group or OU on the left, and clicking Synchronize in the Actions panel on the right:
From either of the above screens, you can also click Synchronize All in the Actions panel to synchronize all rules that have been defined:
To synchronize rules on a scheduled basis, simply define a schedule for each rule by clicking on the rule, and clicking on Set Schedule in the Actions Panel. Then set your schedule accordingly:
Enter your desired scheduling frequency, click Update, and a Windows service will synchronize AD to Help Desk Premier on that schedule automatically.