AD links

From InsightWiki
Jump to navigation Jump to search
Addmod2.png Additional Module

Introduction

The AD links page is used to link Insight with your Active Directory. This allows students, staff and parents to log in to Insight using the Active Directory login details. This is the only method that allows students to log in. Once accounts are created, pupils can log in to Insight and have all the same role options as a standard parental account - which can be configured to suit your needs.

AD Links is an optional add-on for Insight and costs £175 p.a. You can check whether or not your school has purchased the AD links module by going to the licence details page.

Configuring AD links

You will first need to enter the details of your Active Directory into the fields on this page. Once this has been done, existing student, staff or parent accounts can be linked to the AD by performing a synchronisation.

Adlinks2.jpg

Check in AD when logging in
If this is switched off, all AD logins will be disabled

Domain
Enter the domain to use when checking for AD accounts. The domain should be in the form: mydomain.local

Domain reading user and domain reading password
Enter the username and password of an account to use to check the Active Directory for logins

Use alternative AD field in place of EmployeeID
By default Insight will check the EmployeeID field for the SIMS database ID number to identify parents. This will also be required for staff if you want them to log in using the Active Directory details, but they do not have trusted login accounts in SIMS.

Switch this option on if you want to use a different field

Name of alternative field to use
When the above option is switched on, you will need to specify the name of the alternative field in AD that contains the SIMS database ID number

Use student email addresses from AD
The alternative is to use the email addresses in SIMS

Seamless login

An additional benefit of using this method to log in is that it supports Integrated Windows Authentication in supported browsers. This means that if the user is logged onto a computer within the domain, their account information can be used to log seamlessly into Insight, without requesting them to enter their account details by hand.

To enable this, all of the previous settings must be working correctly.

To implement seamless login, direct those users who you expect to be able to login to the ADSSO.aspx page initially. If the user is not already logged into the domain, they will be redirected to the normal login page, where they can still enter their Active Directory username and password. Otherwise, depending on their Security Group membership, they will be passed straight through to Insight. If you do not expect a user to be able to log in this way, they should be directed to the normal login URL.

Troubleshooting

Failed logins

If users are not able to log in using their AD details then click on the Activity Report link. This will open a window showing the most recent login attempts from AD linked users. This will provide more information as to why the login failed.

Assigning SIMS database IDs to AD records

Many schools will use SIMS AD Provisioning and have their SIMS database perform this job for them. Alternatively, you can use a script from TASC Software to do this provisioning for you.

You will need a CSV called IMPORT.CSV in the format: ADusername,MISID
You will also need to download this script file: import.vbs

First use notepad edit the script file above by right-clicking on it and selecting the Open With option. The first line of the file is: CONST strDomain="MyDomain"

You need to edit this so that your domain appears between the quotation marks, instead of MyDomain. Save the file, then place it and your CSV file into the same folder with not other contents. Run the import.vbs script and your Active Directory will be updated.