|
|
| Riga 1: |
Riga 1: |
| − | Domain connection(s) can be managed in '''''General\System\LM Settings''''' with ''[[glossary|superadmin]]'' role.
| + | === Action Engine Configuration === |
| | + | ''[[Glossary|Action Engine]]'' enabled the user to configured an ''[[Glossary|Action]]'' and the activation condition. An ''[[Glossary|action]]'' is composed by: |
| | | | |
| − | In tab <u>''LDAP Properties''</u> is possible to manage a list of domain connection(s).
| + | * General Information |
| − | Is possile to define connection(s) related to different domain(s) or to same domain but with different ''[[glossary|BaseDN]]''.
| + | * Trigger and Activation condition |
| | + | * Parameters |
| | + | * Tasks to execute |
| | | | |
| − | {| class="wikitable"
| + | ==== General ==== |
| − | ! Field !! Description !! Comment
| + | The following images shown the ''[[Glossary|action]]' user interface and provide some more detail about this functionality |
| − | | |
| − | |-
| |
| − | |<u>Configuration Name</u> || The name of current Domain connection ||
| |
| | | | |
| − | |- | + | [[File:Action general tab v1.0.jpg|centre|thumb|500x500px|Action Configuration]] |
| − | |<u>Host</u> || Domain server address or host name || | |
| | | | |
| − | |-
| + | ==== Parameters ==== |
| − | |<u>BaseDN</u> || The domain Distinguished Name ||It shall contain the domain name parts separated by ",".
| + | TBC |
| − | | |
| − | <u>'''Example: itmSUITE.local shall be inserted as DC=itmSUITE,DC=local'''</u>
| |
| − | | |
| − | Shall be possible define a precise OU of domain to be considered in connection
| |
| − | | |
| − | <u>'''Example: connection to Organizational Unit "TechUser" belongs to domain itmSUITE.local shall be inserted as OU=TechUsers,DC=itmSUITE,DC=local'''</u>
| |
| − | | |
| − | |-
| |
| − | |<u>Server Type</u> || Type of domain controller || AD (active Directory) and OpenLDAP are supported
| |
| − | | |
| − | |-
| |
| − | |<u>Active</u> || If checked: the connection is active ||
| |
| − | | |
| − | |}
| |
| − | | |
| − | By click on button '''Add New''' is possible to add a domain connection by filling the following properties
| |
| | | | |
| | + | ==== Events Managed ==== |
| | {| class="wikitable" | | {| class="wikitable" |
| − | ! Field !! Description !! Comment | + | ! Category / Class !! General !! Project !! Service !! Ticket |
| − | | |
| − | |-
| |
| − | |<u>Configuration Name</u> || Mandatory. The name of current Domain connection ||
| |
| − | | |
| − | |-
| |
| − | |<u>Host</u> || Mandatory. Domain server address or host name ||
| |
| − | | |
| − | |-
| |
| − | |<u>Server Type</u> || Mandatory. Type of domain controller || AD (active Directory) and OpenLDAP are supported
| |
| − | | |
| − | |-
| |
| − | |<u>BaseDN</u> || Mandatory. The domain Distinguished Name ||It shall contain the domain name parts separated by ",".
| |
| − | | |
| − | <u>'''Example: itmSUITE.local shall be inserted as DC=itmSUITE,DC=local'''</u>
| |
| − | | |
| − | Shall be possible define a precise OU of domain to be considered in connection
| |
| − | | |
| − | <u>'''Example: connection to Organizational Unit "TechUser" belongs to domain itmSUITE.local shall be inserted as OU=TechUsers,DC=itmSUITE,DC=local'''</u>
| |
| | | | |
| | |- | | |- |
| − | |<u>Bind User</u> || Domain user login || it will be used for current connection | + | |<u>LDAP Events</u> || LDAP Message || || || || |
| | | | |
| | |- | | |- |
| − | |<u>Bind Password</u> || Domain user password || it will be used for current connection | + | |<u>MB Scheduler</u> || || || || || |
| | | | |
| | |- | | |- |
| − | |<u>Active</u> || If checked: the connection is active || Current connection can't be active until it is not checked | + | |<u>User Note Events</u> || || || || || |
| | | | |
| | |- | | |- |
| − | |<u>Sample user's login</u> || Domain user login used for check inserted parameters || | + | |<u>Internal System Events</u> || || || || || |
| | | | |
| | |- | | |- |
| − | |<u>Sample user's password</u> || Domain user password used for check inserted parameters || | + | |<u>External System Events</u> || || || || || |
| | | | |
| | |- | | |- |
| − | |<u>Checked</u> || If checked: the connection has been verified || | + | |<u>OCE Events</u> || || || || || |
| | | | |
| − | |}
| + | ===== LDAP Message ===== |
| | + | TBC |
| | | | |
| − | A domain connection shall be activable only after it was checked: use button '''Check''' to verify it.
| + | ===== Reporting distribution by mail ===== |
| | + | TBC |
| | | | |
| − | At click on button '''Check''': ''[[glossary|itmSUITE]]'' will send a request to domain with inserted credentials.
| + | ===== Resource on project association ===== |
| | + | TBC |
| | | | |
| − | If at least 1 connection is active the ''[[glossary|user]]'' with same login on domain could use domain credentials instead of ''[[glossary|user]]'' credentials.
| + | ===== Upload relations Resource-Projects ===== |
| | + | TBC |
| | | | |
| − | In this case the authentication follows these steps:
| + | ===== User Note Created ===== |
| − | * 1. ''[[glossary|itmSUITE]]'' checks if login inserted is existing in its DB, otherwise access is not allowed.
| + | TBC |
| − | * 2. ''[[glossary|itmSUITE]]'' sends a request with pair login, password to domain controller.
| |
| − | * 3. The domain controller checks if the login inserted is existing in domain and if password is correct.
| |
| − | * 4. If domain controller response is positive: ''[[glossary|itmSUITE]]'' allows access.
| |
| − | * 5. If domain controller response is negative: ''[[glossary|itmSUITE]]'' checks password on its DB and grants access if check is positive, otherwise access is not allowed.
| |
| | | | |
| − | More than one connection to domain(s) can be active at the same time: in this case the above step 2 is executed on each active connection.
| + | ===== User Note Updated ===== |
| | + | TBC |
| | | | |
| − | == Import domain user == | + | ===== Project Created ===== |
| | + | TBC |
| | | | |
| − | Domain user import can be managed in '''''General\System\Import from LDAP''''' with ''[[glossary|superadmin]]'' role.
| + | ===== Project Updated ===== |
| | + | TBC |
| | | | |
| − | The connection parameters can be selected by drop list <u>Use authentication configuration</u> or directly inserted.
| + | ===== Service Created ===== |
| | + | TBC |
| | | | |
| − | {| class="wikitable"
| + | ===== Service Updated ===== |
| − | ! Field !! Description !! Comment
| + | TBC |
| | | | |
| − | |-
| + | ===== Ticket Activity Created ===== |
| − | |<u>Use authentication configuration</u> || Allows to select an existing domain connection ||
| + | TBC |
| | | | |
| − | |-
| + | ===== Ticket Activity Updated ===== |
| − | |<u>Host</u> || Domain server address or host name ||
| + | TBC |
| | | | |
| − | |-
| + | ===== Ticket Created ===== |
| − | |<u>BaseDN</u> || The domain Distinguished Name ||It shall contain the domain name parts separated by ",".
| + | TBC |
| | | | |
| − | <u>'''Example: itmSUITE.local shall be inserted as DC=itmSUITE,DC=local'''</u>
| + | ===== Ticket Updated ===== |
| | + | TBC |
| | | | |
| − | Shall be possible define a precise OU of domain to be considered in connection
| + | ===== Workflow Button ===== |
| | + | TBC |
| | | | |
| − | <u>'''Example: connection to Organizational Unit "TechUser" belongs to domain itmSUITE.local shall be inserted as OU=TechUsers,DC=itmSUITE,DC=local'''</u>
| + | ===== Incoming Message ===== |
| | + | When the incoming message is validated by EEM, the informations are sent to MB (Message Bus) that dispatch it to the itmSUITE® Action engine and a configured ''[[Glossary|Action]]'' is activated. |
| | | | |
| − | |-
| + | ===== Trigger Value Reched ===== |
| − | |<u>Server Type</u> || Type of domain controller || AD (active Directory) and OpenLDAP are supported
| + | TBC |
| − | | |
| − | |-
| |
| − | |<u>Username Attribute</u> || TBC ||
| |
| − | | |
| − | |-
| |
| − | |<u>Bind User</u> || Domain user login || it will be used for current connection
| |
| − | | |
| − | |-
| |
| − | |<u>Bind Password</u> || Domain user password || it will be used for current connection
| |
| − | | |
| − | |-
| |
| − | |<u>Mail Option</u> || This section allows to define how to synchronize the existing domain user mail on itmSUITE user|| Add LDAP Mail to user (if not present):
| |
| − | | |
| − | Overwrite itmSUITE mail with LDAP mail:
| |
| − | | |
| − | |-
| |
| − | |<u>Add LDAP Mail to Notification Mail</u> || The mail will be activated on synchronized user notification addresses ||
| |
| − | | |
| − | |-
| |
| − | |<u>Add LDAP Mail to Outbound Mail</u> || The mail will be activated on synchronized user message addresses ||
| |
| − | | |
| − | |}
| |
| − | | |
| − | At click on button '''Next''' will be executed a search in domain matching user by login.
| |
| − | | |
| − | As result will be visualized a table with:
| |
| − | * 1. ''[[glossary|itmSUITE]]'' user not matched
| |
| − | * 2. ''[[glossary|itmSUITE]]'' user matched
| |
| − | * 3. Domain user not matched
| |
| − | | |
| − | The column <u>Login(LDAP)</u> allows to match manually the ''[[glossary|itmSUITE]]'' uesrs not matched automatically on domain user (this operation will overwrite current itmSUITE login with domain login).
| |
| − | | |
| − | By click on left checkbox is possible to select which users shall be imported / updated with data from domain.
| |
| − | | |
| − | At click on button '''Next''' a summary table will be visualized.
| |
| − | | |
| − | At click on button '''Next''' will be visualized a filter to select company and role for all the selected users.
| |
| − | | |
| − | At click on button '''Next''' the synchronization process will start:
| |
| − | * 1. Domain user selected but not matched will be created as new ''[[glossary|itmSUITE]]'' user
| |
| − | * 2. ''[[glossary|itmSUITE]]'' user selected and matched will be updated with data from domain
| |
| − | | |
| − | == Schedule Import == | |
| − | | |
| − | Import of domain user scheduling can be managed in ''[[glossary|MB]]'' (Message Bus) module and configured in ''[[glossary|Action Engine]]'' .
| |
| − | | |
| − | In ''[[glossary|MB]]'' is possible to schedule a message with type "LDAP Synchronization": check in ''[[glossary|MB]]'' dedicated section for details.
| |
| − | | |
| − | In ''[[glossary|Action Engine]]'' is possible to create and ''[[glossary|action]]'' dedicated to call the "LDAP synchronization" process explained above: check in ''[[glossary|Action Engine]]'' dedicated section for details.
| |
| − | | |
| − | == Use of SSO (Single Sign On) == | |
| − | | |
| − | SSO (Single Sign On) can be managed in '''''General\System\LM Settings with superadmin role'''''.
| |
| − | | |
| − | SSO can be activated by use or protocols <u>'''NTLM'''</u> or <u>'''NTLM2'''</u> and Microsoft <u>'''AD'''</u> ( <u>'''Active Directory'''</u> ).
| |
| − | <u>'''NTLM'''</u> and <u>'''NTLM2'''</u> activation is mutually exclusive.
| |
| − | | |
| − | Protocol <u>'''NTLM'''</u> can be activated in tab <u>''NTLM properties''</u>
| |
| − | | |
| − | {| class="wikitable"
| |
| − | ! Field !! Description !! Comment
| |
| − | | |
| − | |-
| |
| − | |<u>Active Directory Controller</u> || Domain server address or host name ||
| |
| − | | |
| − | |-
| |
| − | |<u>Default Domain</u> || TBC ||
| |
| − | | |
| − | |-
| |
| − | |<u>Checked</u> || If checked: the connection has been verified ||
| |
| − | | |
| − | |-
| |
| − | |<u>Sample user's login</u> || Domain user login used for check inserted parameters ||
| |
| − | | |
| − | |-
| |
| − | |<u>Sample user's password</u> || Domain user password used for check inserted parameters ||
| |
| − | | |
| − | |}
| |
| − | | |
| − | Protocol <u>'''NTLM2'''</u> can be activated in tab <u>''NTLM2 properties''</u>
| |
| − | | |
| − | {| class="wikitable"
| |
| − | ! Field !! Description !! Comment
| |
| − | | |
| − | |-
| |
| − | |<u>Active Directory Controller</u> || Domain server address or host name ||
| |
| − | | |
| − | |-
| |
| − | |<u>SPN user's login</u> || TBC ||
| |
| − | | |
| − | |-
| |
| − | |<u>SPN user's password</u> || TBC ||
| |
| − | | |
| − | |-
| |
| − | |<u>Checked</u> || If checked: the connection has been verified ||
| |
| | | | |
| − | |} | + | ==== VCE Condition ==== |
| | + | ''Condition'tab'' enable the user to define a Boolean condition that should be verify before activate the ''[[Glossary|action]]' . Generally the conditions works on input ''Parameter''. |
| | | | |
| − | ==== Enabling NTLM /NTLM2 authorization in Internet Explorer ====
| + | [[File:Action condition tab v1.0.jpg|centre|thumb|500x500px|Action Configuration]] |
| | | | |
| − | * 1. Go to menu '''''Internet Options''''', tab <u>''Security''</u> and click on "Local Intranet" option.
| + | === Task === |
| | + | Tasks tab enable the user to define one or more task that will be executed sequentially if the condition is valid. The system manage different type of task, the most flexible and powerful is Scripting task, based on Javascript framework, enable the user to call itmSUITE® primitive |
| | | | |
| − | * 2. Click on '''Sites''' button. In opened window make sure that the last three boxes are checked and click on the '''Advanced''' button.
| + | [[File:Action task settings tab v1.0.jpg|centre|thumb|500x500px|Action Task Configuration]] |
| − | Add you domain name into the list of Websites (example: "itmSUITE.local"):
| |
| − |
| |
| − | * 3. Back to "Local Intranet" option: click on '''Custom Level'''. In opened window activate the next option:
| |
| | | | |
| − | '''''User authentication\Logon\Automatic logon only in Intranet zone'''''
| + | ==== Basic Task ==== |
| − |
| + | TBC |
| − | * 5. Go to menu '''''Settings''''', tab <u>''Advanced''</u> and enable option <u>Enable Integrated Windows Authentication</u>.
| |
| − |
| |
| − | ==== Enabling NTLM on PC with Windows 7 or Vista ==== | |
| | | | |
| − | * 1. Press Windows button '''Start''', insert "regedit" and click on '''Ok'''.
| + | ==== Scripting Task ==== |
| − | * 2. Go to '''''HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa'''''
| + | TBC |
| − | * 3. Verify the existence of attribute "LmCompatibilityLevel"
| |
| − | * 4. If it not exist create a new DWORD (right click on folder Lsa, click on '''New''' and select "Value DWORD (32 bit)"
| |
| − | * 5. Set attribute "LmCompatibilityLevel" with value "1" exadecimal (in details).
| |
| − | * 6. Reboot user PC.
| |
| | | | |
| − | ==== Enabling NTLM / NTLM2 authorization in Mozilla Firefox ==== | + | ==== Outbound Comunication ==== |
| | + | itmSUITE® module can send information towards third parties software using scripting tasks. This can be performed: |
| | + | * Sending a preformatted mail |
| | + | * Calling a third parties web services |
| | | | |
| − | * 1. Type "about:config" in the address bar.
| + | [[File:Action task settings tab v1.0.jpg|centre|thumb|500x500px|Action Task Configuration]] |
| − | * 2. In the <u>Filter</u> field type the following "network.automatic-ntlm-auth.trusted-uris"
| |
| − | * 3. Double click the name of the preference that we just searched for and enter ''[[glossary|itmSUITE]]'' installation URL (example: "http://intranet.itmsuite.eu" )
| |
