Articles in this section

See more

Automatic User Account Creation

Avatar
John Lin
Updated
Follow
iDashboards has the ability to automatically add LDAP authenticated users into the iDashboards User list. This process is performed by enabling the Post Authentication Processor or PAP.  This is most effective in the case where your organization has purchased a large quantity of users.

What it does:

  1. Adds users.
  2. Users who are added by PAP are given a role, primary group and secondary group by the PAP settings.  

What it does not do:

  1. Remove users.
  2. Implement LDAP integration. This needs to be set up separately.
  3. Secure which users will get added. Anyone that has access to the URL, supplies their network username and password, and is LDAP authenticated will be given access to iDashboards provided there is an available license. (related to What it does #2)  
  4. Control the number of licenses that get taken up. (related to What it does not do #3)  
  5. SSO.
  6. Doesn’t map iDashboards groups to LDAP groups.


Please add the following lines to the ivizgroup.properties file to properly configure PAP:  All lines are commented out with the '#' symbol.  Please remove the '#' in order for the iDashboards server to read those lines.
 

#PostAuthenticationProcessor code below
#PostAuthenticationProcessor=com.ivizgroup.idb.extension.user.LDAPUserSynchronizer
#PostAuthenticationProcessor.connectionURL= ldap://<domain name>:389
#PostAuthenticationProcessor.userBase=dc=example,dc=com
#PostAuthenticationProcessor.userSearch=(sAMAccountName={0})
#PostAuthenticationProcessor.reload=false
#PostAuthenticationProcessor.addUser=true
#PostAuthenticationProcessor.updateUser=true
#PostAuthenticationProcessor.default.USER_ROLE=<N, A, U, V>
#PostAuthenticationProcessor.default.PRIMARY_GROUP_ID=<Primary Group ID>
#PostAuthenticationProcessor.default.SECONDARY_GROUP_IDS=<Secondary Group ID>

#Other optional additions to the code:
#PostAuthenticationProcessor.userSearch=(uid={0})
#PostAuthenticationProcessor.userSearch=(cn={0})
#PostAuthenticationProcessor.userSubtree=
#PostAuthenticationProcessor.referral=follow
#PostAuthenticationProcessor.connectionName=<username to connect to AD>
#PostAuthenticationProcessor.connectionPassword=
#PostAuthenticationProcessor.userSearchModifiers=com.ivizgroup.extension.modifiers.BackslashStringModifie

 

Warning:

In smaller user account quantities the Post Authentication Process can cause your user that has been successfully authenticated in LDAP to not gain access to iDashboards if no licenses are available.  This can result into a poor user experience.
 

Applies to:

  • Enterprise Suite

Related articles

Comments

0 comments

Please sign in to leave a comment.