As of PTS v5.0.5.0 you can now configure PTS to use Active Directory to manage your PTS user list.

Setup

Setting up Active Directory integration comprises two key elements; some basic technical setup in Application Settings followed by mapping Active Directory Groups to PTS Roles.

Application settings

There are just two Application Settings that may need your attention to enable AD integration.

Security Mode

This refers to the method of security used to log users in to PTS. Choose one of the two Active Directory based modes:

• AD
  Active Directory authentication only.
• MAD
  Mixed: Enables Active Directory and standard PTS authentication.

Context for AD Login

Set this to Domain to enable AD.

Mapping Active Directory Groups to PTS Roles

See the Actions Menu section of the Roles setup guide for detailed instructions on mapping AD groups to PTS user roles.

Usage

In terms of the user experience, upon accessing the PTS URL they will simply be automatically logged in and assigned the correct role, permissions, wards, dispensaries, user views and so on.

In the background the following logic is used:

• If the user is accessing the system for the first time (or is otherwise not found in PTS)
  PTS creates an associated PTS user account using their AD details in combination with the mapped PTS role.
• The user is found but their group or other details have been amended in AD
  PTS applies the changes to the PTS user account, up to and including assigning them a new role.
• The user is found but the Active Directory role mappings now specify that they should be assigned a new role, or different ward or dispensaries
  PTS applies the changes to the PTS user account.
• The user's assigned PTS role has been amended (different permissions, user views etc.)
  PTS applies the changes to the PTS user account.

In short, the user's PTS account is either created or their existing one is amended - if necessary - and they are then automatically logged in with it.