Creating User Accounts

5. Integrating Your Site with Active Directory

LDAP or LDAPS is the most common authentication integration among eThink by Open LMS clients. Other external authentication integration methods available include:

  • CAS
  • SAML (ADFS/Okta/etc.)
  • OAuth2 (Google, Microsoft o365, Facebook, etc.)

Active Directory, or AD, allows your users' passwords to be verified against Microsoft/Azure AD; if the password is verified, the user is then logged in to your site. This relies mainly on the presence of the user ID number from your Student Information System.

Active Directory Setup

Mapping between the two systems is done using Organizational Units (OUs), which are used to organize the Active Directory user groups. In educational contexts it's common to have a faculty OU, as well as one or more student OUs. The specific containers to be used in your site will be set up during the implementation process, but can also be configured later.

User Creation Process 

Similar to the enrollment integration, new user accounts created in Active Directory will be automatically created on your site using one of two processes: 

1) As soon as an account is created in AD, a user can log in to your site. This will automatically create their account here if it doesn't already exist. This is also called "login sync".

2) A complete synchronization process runs every night. All accounts added to AD or updated in AD are created or updated in your site as well. All users can log in to your site using their AD username and password. Do note that all password changes must be done directly in Active Directory; those changes will be immediately reflected here as well.

Expired passwords and password expiration timelines are enforced by your site. Users will receive a warning when their password is expiring, and users with expired passwords are prevented from signing in.

Importance of the 'ID number' field 

The Student or Faculty ID number, which is typically stored in the Employee ID field in AD, is very important. This populates into the user profile in the ID Number field, found in the Optional section toward the bottom of a user's profile page. This ID number connects the user's account on your site to the user's SIS information. It is essential that this be present in order for the Enrollment Integration to function properly.
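One way to check this before a sync runs, shown as an added example that is not part of the Open LMS documentation: the script below reads an LDIF export of AD users and lists accounts in the synced OUs that have no employeeID. It goes slightly beyond the text by also flagging IDs shared by more than one account, on the assumption that one SIS ID should map to one account; the OU names, domain and accounts in the sample are constructed.

```python
from collections import defaultdict

# Constructed sample export (e.g. from ldifde); names and OUs are made up.
SAMPLE_LDIF = """\
dn: CN=Ana Ruiz,OU=Students,DC=example,DC=edu
sAMAccountName: aruiz
employeeID: 100234

dn: CN=Ben Cole,OU=Students,DC=example,DC=edu
sAMAccountName: bcole

dn: CN=Cara Diaz,OU=Faculty,DC=example,DC=edu
sAMAccountName: cdiaz
employeeID: 100234

dn: CN=Svc Backup,OU=Service Accounts,DC=example,DC=edu
sAMAccountName: svc-backup
"""

def parse_ldif(text):
    """Yield one dict per record. Folded lines are joined; base64 (::) values are not decoded."""
    for block in text.replace("\r\n", "\n").strip().split("\n\n"):
        lines = []
        for raw in block.splitlines():
            if raw.startswith(" ") and lines:
                lines[-1] += raw[1:]          # continuation of previous line
            elif raw and not raw.startswith("#"):
                lines.append(raw)
        entry = {}
        for line in lines:
            key, _, value = line.partition(":")
            entry[key.strip().lower()] = value.strip()
        if entry:
            yield entry

def audit(text, synced_ous):
    """Return (missing, duplicates) for accounts under the OUs the site maps."""
    suffixes = tuple("," + ou.lower() for ou in synced_ous)
    missing, by_id = [], defaultdict(list)
    for e in parse_ldif(text):
        if not e.get("dn", "").lower().endswith(suffixes):
            continue                          # outside the mapped containers
        name = e.get("samaccountname", e["dn"])
        (by_id[e["employeeid"]] if e.get("employeeid") else missing).append(name)
    return missing, {i: n for i, n in by_id.items() if len(n) > 1}

if __name__ == "__main__":
    print(audit(SAMPLE_LDIF, ["OU=Students,DC=example,DC=edu", "OU=Faculty,DC=example,DC=edu"]))
```

Accounts outside the listed OUs, such as the service account in the sample, are ignored because they are not part of the mapping.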

For more information about the Active Directory integration, please open a support request through the Open LMS support portal.