Active Directory
As of PTS v5.0.5.0 you can now configure PTS to use Active Directory to manage your PTS user list.
Setup
Setting up Active Directory integration comprises two key elements; some basic technical setup in Application Settings followed by mapping Active Directories "Groups" to PTS's "Roles".
Application settings
There are just two Application Settings that may need your attention to enable AD integration.
Security Mode
This refers to the method of security used to log users in to PTS. Choose one of the two Active Directory based modes:
- AD
Active Directory authentication only. - MAD
Mixed: Enables Active Directory and standard PTS authentication.
Context for AD Login
Set this to Domain to enable AD.
Mapping Active Directory Groups to PTS Roles
See the Actions Menu section of the Roles setup guide for detailed instructions on mapping AD groups to PTS user roles.
Usage
In terms of the user experience, upon accessing the PTS URL they will simply be automatically logged in and assigned the correct role, permissions, wards, dispensaries and so on.
In the background the following logic is used:
- If the user is accessing the system for the first time (or is otherwise not found in PTS)
PTS creates an associated PTS user account using their AD details in combination with the mapped PTS role. - The user is found but their group or other details have been amended in AD
PTS applies the changes to the PTS user account, such as by assigning them a new role. - The user is found but the Active Directory role mappings now specify that they should be assigned a new role, or different ward or dispensaries
PTS applies the changes to the PTS user account. - The PTS user role setup that they are assigned to has been amended (different permissions, user views etc.)
PTS applies the changes to the PTS user account.
...the user is then logged in to PTS using either their existing account or their amended existing one.
In short, the PTS user account is either created an account, or their existing one is amended if necessary, and they are then logged in with it.