Active Directory¶
- Create Your Active Directory Users
- Set up the Daktela Integration
- Assign the Authentication Method to Your Users
Create Your Active Directory Users¶
On the machine where you administer your AD, open Active Directory Users and Computersand create your users.
Tip
Keep in mind that the user's user name in Active Directory must be the same as their user name in Daktela.
Set up the Daktela Integration¶
In Daktela, go to Manage → Integrations and click Configure under Active Directory. Enter your host name or IP address into the Host field. Enter yourdomain name into the Domainfield. Click Activate.
The AD password lifetime field sets how long an authenticated session stays valid, in hours. After a user logs in, their Daktela session remains valid for this many hours before it expires and they have to log in again.
Warning
AD password lifetime controls the session duration, not a password cache. Every login attempt performs a live LDAP bind against Active Directory, so there is no cached password used for authentication. However, once a user is logged in, their session stays valid for the full lifetime regardless of what happens in AD. If an AD password is changed or revoked mid-session, the user remains logged in to Daktela until the lifetime expires. We recommend setting the value to less than 12 hours (for example 10) so that sessions expire between shifts and a changed or revoked AD password takes effect at the user's next login.
Assign the Authentication Method to Your Users¶
Go to Manage → Users → List of Users. Open the details of the user you want to assign the authentication method to.
Tip
Keep in mind that the user's user name in Active Directory must be the same as their user name in Daktela.
Under Verify type, select the host name or IP address that you entered into the Host field when setting up the authentication in Manage → Integrations (see Set up the Daktela integration above). Your Active Directory users will now be able to log in to Daktela using their AD user name and password. If you want users to be able to log in using their Daktela password as well as Active Directory:
- Enable Allow OAuth PasswordsinManage → Global settings.
- Enter a Password in the user's details in Manage → Users → List of Users.