Difference between revisions of "Active Directory"
(→Setup) |
(→Usage) |
||
(9 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
As of PTS v5.0.5.0 you can now configure PTS to use Active Directory to manage your PTS user list. | As of PTS v5.0.5.0 you can now configure PTS to use Active Directory to manage your PTS user list. | ||
=Setup= | =Setup= | ||
Setting up Active Directory integration comprises two key elements; some basic technical setup in Application Settings followed by mapping Active Directory <i>Groups</i> to PTS <i>Roles</i>. | |||
==Application settings== | |||
There are just two [[Application Settings]] that may need your attention to enable AD integration. | There are just two [[Application Settings]] that may need your attention to enable AD integration. | ||
==Security Mode== | ===Security Mode=== | ||
This refers to the method of security used to log users in to PTS. Choose one of the two Active Directory based modes: | This refers to the method of security used to log users in to PTS. Choose one of the two Active Directory based modes: | ||
<ul> | <ul> | ||
Line 10: | Line 12: | ||
Mixed: Enables Active Directory and standard PTS authentication.</li> | Mixed: Enables Active Directory and standard PTS authentication.</li> | ||
</ul> | </ul> | ||
==Context for AD Login== | ===Context for AD Login=== | ||
Set this to <strong>Domain</strong> to enable AD. | Set this to <strong>Domain</strong> to enable AD. | ||
==Mapping Active Directory Groups to PTS Roles== | |||
See the [[Roles#Actions_menu|Actions Menu section of the Roles setup guide]] for detailed instructions on mapping AD groups to PTS user roles. | |||
=Usage= | |||
In terms of the user experience, upon accessing the PTS URL they will simply be automatically logged in and assigned the correct role, permissions, wards, dispensaries, user views and so on. | |||
In the background the following logic is used: | |||
<ul> | |||
<li><strong>If the user is accessing the system for the first time (or is otherwise not found in PTS)</strong><br/> | |||
PTS creates an associated PTS user account using their AD details in combination with the mapped PTS role.</li> | |||
<li><strong>The user is found but their group or other details have been amended in AD</strong><br/> | |||
PTS applies the changes to the PTS user account, up to and including assigning them a new role.</li> | |||
<li><strong>The user is found but the Active Directory role mappings now specify that they should be assigned a new role, or different ward or dispensaries</strong><br/> | |||
PTS applies the changes to the PTS user account.</li> | |||
<li><strong>The user's assigned PTS role has been amended (different permissions, user views etc.)</strong><br/> | |||
PTS applies the changes to the PTS user account.</li> | |||
</ul> | |||
In short, the user's PTS account is either created or their existing one is amended - if necessary - and they are then automatically logged in with it. |
Latest revision as of 14:50, 11 September 2023
As of PTS v5.0.5.0 you can now configure PTS to use Active Directory to manage your PTS user list.
Setup
Setting up Active Directory integration comprises two key elements; some basic technical setup in Application Settings followed by mapping Active Directory Groups to PTS Roles.
Application settings
There are just two Application Settings that may need your attention to enable AD integration.
Security Mode
This refers to the method of security used to log users in to PTS. Choose one of the two Active Directory based modes:
- AD
Active Directory authentication only. - MAD
Mixed: Enables Active Directory and standard PTS authentication.
Context for AD Login
Set this to Domain to enable AD.
Mapping Active Directory Groups to PTS Roles
See the Actions Menu section of the Roles setup guide for detailed instructions on mapping AD groups to PTS user roles.
Usage
In terms of the user experience, upon accessing the PTS URL they will simply be automatically logged in and assigned the correct role, permissions, wards, dispensaries, user views and so on.
In the background the following logic is used:
- If the user is accessing the system for the first time (or is otherwise not found in PTS)
PTS creates an associated PTS user account using their AD details in combination with the mapped PTS role. - The user is found but their group or other details have been amended in AD
PTS applies the changes to the PTS user account, up to and including assigning them a new role. - The user is found but the Active Directory role mappings now specify that they should be assigned a new role, or different ward or dispensaries
PTS applies the changes to the PTS user account. - The user's assigned PTS role has been amended (different permissions, user views etc.)
PTS applies the changes to the PTS user account.
In short, the user's PTS account is either created or their existing one is amended - if necessary - and they are then automatically logged in with it.