Directory Services User Management
Directory Services User Management
From FinanceHub Server 3.0.1 third party Directory Services authentication is supported as a means of authenticating client connections and allowing for FinanceHub access to be managed by your existing support teams.
Heterogeneous installations using Directory Services and Native User Store are also supported. Native User management is still supported and will continue to be so.
Overview of Directory Services Implementation
The following diagram details the implementation of the Directory Services FinanceHub Server implementation.
Step |
Description |
1 |
End user starts the logon process to FinanceHub. The FinanceHub client contacts the domain and validates the users username & password. |
2 |
Group membership information is passed to the FinanceHub client application. User details are also retrieved e.g. Site, Description, Telephone Number, Email, First Name, Surname |
3 |
[Providing Username and Password correct in Step 1] FinanceHub initiates a connection with the FinanceHub Server and passes the information to the FinanceHub native user store and configures user profile based on group membership details. |
Configuring FinanceHub for Directory Services Authentication
To configure FinanceHub for Directory Services Authentication you will need to update your mooApplicationSettings.xml file adding two new keys:
Authentication Keys
ACTIVED_AUTHENTICATION
Key Values Boolean [TRUE/FALSE] Determines whether Directory Services Authentication should be used. DEFAULT: Disabled, Native User Management in Effect
ACTIVED_AUTHENTICATION_DOMAIN
Key Value String. Name of your Domain. DEFAULT: Disabled, Native User Management in Effect
You can copy and paste the following into your application settings file, adding your domain name details.
<Settings>
<Key>ACTIVED_AUTHENTICATION</Key>
<Value>TRUE</Value>
</Settings>
<Settings>
<Key>ACTIVED_AUTHENTICATION_DOMAIN</Key>
<Value>YOUR_DOMAIN_NAME</Value>
</Settings>
Our example settings file is shown below:
Your mooApplicationSettings.xml file is only read on start-up of the client application (Excel). If you have already started the Excel session you wish to connect from you should restart Excel.
Creating Standard Groups
A minimum of two groups are required for Directory Services authentication.
Group |
Description |
FinanceHub |
End user group, user does not have access to any administration functions |
FinanceHubAdmin |
Admin group, user can access all functionality, including process, workflow, and session management. |
These should be created as follows (example shows creating users and groups through the Windows Server 2012 Active Directory Users and Computers control):
1) Create a new Group:
2) Call the new group "FinanceHub"
3) Repeat Step 1 & 2, but create this group as "FinanceHubAdmin"
Creating a User and Assigning to the FinanceHub Groups
In this example we will go through the steps of creating a brand new user and provisioning them for FinanceHub access
1) Create a new user
2) Complete basic information about our new user
3) Set an initial password.
IMPORTANT: In a real world scenario you will probably select "User must change password at next logon". If you are testing and not planning to logon to a computer to change the password before attempting to access FinanceHub you should un-check this box as Active Directory will not authenticate any third party authentication until the password has been changed.
4) Finish
5) Edit our users properties
6) Complete more detailed information about our test user in General
7) Assign our FinanceHub groups to our user in the Member Of pane.
Click Add
Type "myObject" and choose Check Names:
Select the end-user FinanceHub group and press OK
and OK.
Now press Apply:
Now open the FinanceHub logon screen and enter your Active Directory username and password as you have configured:
If we now look at the Native Store manager:
All of the data has been synced with the Directory Services record, and the user is flagged as being managed by Active Directory.