Difference between revisions of "Test"
| Line 9: | Line 9: | ||
| Many schools will use SIMS AD Provisioning and have their SIMS database perform this job for them. Alternatively, you can use a script from TASC Software to do this provisioning for you. <br> <br> | Many schools will use SIMS AD Provisioning and have their SIMS database perform this job for them. Alternatively, you can use a script from TASC Software to do this provisioning for you. <br> <br> | ||
| − | You will need a CSV called INPUT.CSV in the format: ADusername, | + | You will need a CSV called INPUT.CSV in the format: ADusername,ADNO <br> | 
| You will also need to download this script file: [http://www.tascsoftware.co.uk/wiki/PARS/files/import.vbs import.vbs] <br> <br> | You will also need to download this script file: [http://www.tascsoftware.co.uk/wiki/PARS/files/import.vbs import.vbs] <br> <br> | ||
Revision as of 15:33, 29 May 2018
AD Links is an additional module in Insight. It allows users to log in to Insight using their Active Directory account. This is essential for student logins and optional for staff logins. 
 
As AD Links is an additional module of Insight, a separate charge applies. Please contact sales@tascsoftware.co.uk for further information. 
 
Contents
Configuration
Importing Admission Numbers into Active Directory
Many schools will use SIMS AD Provisioning and have their SIMS database perform this job for them. Alternatively, you can use a script from TASC Software to do this provisioning for you. 
 
You will need a CSV called INPUT.CSV in the format: ADusername,ADNO 
You will also need to download this script file: import.vbs 
 
First use notepad to edit the script file above by right-clicking on it and selecting the Open With option. The first line of the file is:
CONST strDomain="MyDomain" 
 
You need to edit this so that your domain appears between the quotation marks, instead of MyDomain. Save the file, then place it and your CSV file into the same folder with not other contents. Run the import.vbs script and your Active Directory will be updated. 
 
Settings within Insight
You will first need to enter the details of your Active Directory into the fields on this page. Once this has been done, existing student, staff or parent accounts can be linked to the AD by performing a synchronisation.  
 
The Check in AD when logging in option must be enabled for Active Directory logins (if this is switched off, all AD logins will be disabled). 
 
Next enter the Domain, Domain reading user and Domain reading password fields. 
The domain should be in the form: mydomain.local. Click the Check button when you have entered these details to confirm that Insight can access the Active Directory. Sometimes, this may say something like "A trust relationship does not exist between x and x" - This is often displayed, it should not cause any issues or be a cause for concern. 
 
By default Insight will check the EmployeeID field for the Admission Number (ADNO) to identify students. This will also be required for staff if you want them to log in using the Active Directory details, but they do not have trusted login accounts in SIMS. 
 
Enable the Use alternative AD field in place of EmployeeID option if you would prefer to use an AD field other than EmployeeID. You then need to enter your choice of field into the Name of alternative field to use setting. 
 
Use student email addresses from AD 
The alternative is to use the email addresses in SIMS 
 
Seamless login
An additional benefit of using this method to log in is that it supports Integrated Windows Authentication in supported browsers.  This means that if the user is logged onto a computer within the domain, their account information can be used to log seamlessly into Insight, without requesting them to enter their account details by hand. 
 
To enable this, all of the previous settings must be working correctly. 
 
To implement seamless login, direct those users who you expect to be able to login to the ADSSO.aspx page initially. If the user is not already logged into the domain, they will be redirected to the normal login page, where they can still enter their Active Directory username and password.  Otherwise, depending on their Security Group membership, they will be passed straight through to Insight.
If you do not expect a user to be able to log in this way, they should be directed to the normal login URL. 
 
Troubleshooting
Failed logins
If users are not able to log in using their AD details then click on the Activity Report link. This will open a window showing the most recent login attempts from AD linked users. This will provide more information as to why the login failed. 
 
Credentials Not Kerberos - User entered an incorrect Password. 
Principal not found - User entered an unknown Username. 

