Difference between revisions of "AD links"
Line 45: | Line 45: | ||
If you do not expect a user to be able to log in this way, they should be directed to the normal login URL. <br> <br> | If you do not expect a user to be able to log in this way, they should be directed to the normal login URL. <br> <br> | ||
− | !-- | + | <!-- |
Use the staff report to get Person_ID numbers for staff. Open the xml file in Excel | Use the staff report to get Person_ID numbers for staff. Open the xml file in Excel | ||
Save the file as CSV | Save the file as CSV | ||
Use the import.vb file to copy the Person_IDs into AD | Use the import.vb file to copy the Person_IDs into AD | ||
− | --! | + | --!> |
==Troubleshooting== | ==Troubleshooting== |
Revision as of 13:31, 5 March 2018
Additional Module |
AD Links is an additional module in Insight. It allows users to log in to Insight using their Active Directory account. This is essential for student logins and optional for staff logins.
As AD Links is an additional module of Insight, a separate charge applies. Please contact sales@tascsoftware.co.uk for further information.
Once accounts are created, pupils can log in to Insight and have all the same role options as a standard parental account - which can be configured to suit your needs.
Configuring AD links
You will first need to enter the details of your Active Directory into the fields on this page. Once this has been done, existing student, staff or parent accounts can be linked to the AD by performing a synchronisation.
Check in AD when logging in
If this is switched off, all AD logins will be disabled
Domain
Enter the domain to use when checking for AD accounts. The domain should be in the form: mydomain.local
Domain reading user and domain reading password
Enter the username and password of an account to use to check the Active Directory for logins. Click the check button when you have entered these details to confirm that Insight can access the Active Directory.
Use alternative AD field in place of EmployeeID
By default Insight will check the EmployeeID field for the Admission Number (ADNO) to identify students. This will also be required for staff if you want them to log in using the Active Directory details, but they do not have trusted login accounts in SIMS.
Switch this option on if you want to use a different field
Name of alternative field to use
When the above option is switched on, you will need to specify the name of the alternative field in AD that contains the Admission Number
Use student email addresses from AD
The alternative is to use the email addresses in SIMS
Check button
This will check to make sure that INSIGHT is happy with the AD configuration you have entered.
Sometimes, this may say something like "A trust relationship does not exist between x and x" - This is often displayed, it should not cause any issues or be a cause for concern.
Seamless login
An additional benefit of using this method to log in is that it supports Integrated Windows Authentication in supported browsers. This means that if the user is logged onto a computer within the domain, their account information can be used to log seamlessly into Insight, without requesting them to enter their account details by hand.
To enable this, all of the previous settings must be working correctly.
To implement seamless login, direct those users who you expect to be able to login to the ADSSO.aspx page initially. If the user is not already logged into the domain, they will be redirected to the normal login page, where they can still enter their Active Directory username and password. Otherwise, depending on their Security Group membership, they will be passed straight through to Insight.
If you do not expect a user to be able to log in this way, they should be directed to the normal login URL.