Difference between revisions of "Active Directory"

From TMS Support Wiki
Jump to navigation Jump to search
 
(6 intermediate revisions by the same user not shown)
Line 1: Line 1:
As of PTS v5.0.5.0 you can now configure PTS to use Active Directory to manage your PTS user list.
As of PTS v5.0.5.0 you can now configure PTS to use Active Directory to manage your PTS user list.
=Setup=
=Setup=
Setting up Active Directory integration comprises two key elements; some basic technical setup in Application Settings followed by mapping Active Directories "Groups" to PTS's "Roles".
Setting up Active Directory integration comprises two key elements; some basic technical setup in Application Settings followed by mapping Active Directory <i>Groups</i> to PTS <i>Roles</i>.
==Application settings==
==Application settings==
There are just two [[Application Settings]] that may need your attention to enable AD integration.
There are just two [[Application Settings]] that may need your attention to enable AD integration.
Line 16: Line 16:
==Mapping Active Directory Groups to PTS Roles==
==Mapping Active Directory Groups to PTS Roles==
See the [[Roles#Actions_menu|Actions Menu section of the Roles setup guide]] for detailed instructions on mapping AD groups to PTS user roles.
See the [[Roles#Actions_menu|Actions Menu section of the Roles setup guide]] for detailed instructions on mapping AD groups to PTS user roles.
=Usage=
=Usage=
In terms of the user experience, upon accessing the PTS URL they will simply be automatically logged in and assigned the correct role, permissions, wards, dispensaries and so on.
In terms of the user experience, upon accessing the PTS URL they will simply be automatically logged in and assigned the correct role, permissions, wards, dispensaries, user views and so on.


In the background the following logic is used:
In the background the following logic is used:
Line 24: Line 25:
PTS creates an associated PTS user account using their AD details in combination with the mapped PTS role.</li>
PTS creates an associated PTS user account using their AD details in combination with the mapped PTS role.</li>
<li><strong>The user is found but their group or other details have been amended in AD</strong><br/>
<li><strong>The user is found but their group or other details have been amended in AD</strong><br/>
PTS applies the changes to the PTS user account, such as by assigning them a new role.</li>
PTS applies the changes to the PTS user account, up to and including assigning them a new role.</li>
<li><strong>The user is found but the Active Directory role mappings now specify that they should be assigned a new role, or different ward or dispensaries</strong><br/>
<li><strong>The user is found but the Active Directory role mappings now specify that they should be assigned a new role, or different ward or dispensaries</strong><br/>
PTS applies the changes to the PTS user account.</li>
PTS applies the changes to the PTS user account.</li>
<li><strong>The PTS user role setup that they are assigned to has been amended (different permissions, user views etc.)</strong><br/>
<li><strong>The user's assigned PTS role has been amended (different permissions, user views etc.)</strong><br/>
PTS applies the changes to the PTS user account.</li>
PTS applies the changes to the PTS user account.</li>
</ul>
</ul>


...the user is then logged in to PTS using either their existing account or their amended existing one.
In short, the user's PTS account is either created or their existing one is amended - if necessary - and they are then automatically logged in with it.
 
In short, the PTS user account is either created an account, or their existing one is amended if necessary, and they are then logged in with it.

Latest revision as of 14:50, 11 September 2023

As of PTS v5.0.5.0 you can now configure PTS to use Active Directory to manage your PTS user list.

Setup

Setting up Active Directory integration comprises two key elements; some basic technical setup in Application Settings followed by mapping Active Directory Groups to PTS Roles.

Application settings

There are just two Application Settings that may need your attention to enable AD integration.

Security Mode

This refers to the method of security used to log users in to PTS. Choose one of the two Active Directory based modes:

  • AD
    Active Directory authentication only.
  • MAD
    Mixed: Enables Active Directory and standard PTS authentication.

Context for AD Login

Set this to Domain to enable AD.

Mapping Active Directory Groups to PTS Roles

See the Actions Menu section of the Roles setup guide for detailed instructions on mapping AD groups to PTS user roles.

Usage

In terms of the user experience, upon accessing the PTS URL they will simply be automatically logged in and assigned the correct role, permissions, wards, dispensaries, user views and so on.

In the background the following logic is used:

  • If the user is accessing the system for the first time (or is otherwise not found in PTS)
    PTS creates an associated PTS user account using their AD details in combination with the mapped PTS role.
  • The user is found but their group or other details have been amended in AD
    PTS applies the changes to the PTS user account, up to and including assigning them a new role.
  • The user is found but the Active Directory role mappings now specify that they should be assigned a new role, or different ward or dispensaries
    PTS applies the changes to the PTS user account.
  • The user's assigned PTS role has been amended (different permissions, user views etc.)
    PTS applies the changes to the PTS user account.

In short, the user's PTS account is either created or their existing one is amended - if necessary - and they are then automatically logged in with it.