Authenticating users with Active Directory - viewLinc 5.2

Vaisala viewLinc Enterprise Server version 5.2 User Guide

Document code: M212933EN
Revision: B
Language: English
Product: viewLinc 5.2
Document type: User guide

Ensure that there are no groups inside the OU you specify for viewLinc. At present, viewLinc does not support nested groups.

To be able to use the Active Directory Sync feature, viewLinc requires that your Active Directory server uses a 2048-bit RSA certificate.

Manage System

You can simplify user authentication for your viewLinc deployment by setting up Active Directory Link.

Before you start this task, you should have already set up Active Directory (AD) with an organizational unit (OU), groups, and users. You should also create a specific Active Directory user with limited permissions whose user principal name (UPN) you will provide to allow viewLinc to access your AD server.

  1. In System Preferences select the Active Directory Link tab.
  2. Provide the appropriate details for the Active Directory connection:
    Host name
    Specifies the Active Directory domain name; must be fully qualified if the connection type (the next field) is Secured or Kerberos. If you have multiple domain controllers, do not specify the full server host name, or you risk viewLinc importing only the group but not the users.
    Connection type
    • Unsecured: Specifies unencrypted communication to the Active Directory. Username and password are required. Not recommended.
    • Secured: Specifies TLS-protected communication to the Active Directory. Username and password are required.
    • Kerberos: Specifies Kerberos security to the Active Directory. Username and password are not required. If omitted, the username and password applied to the service will be used; if provided, the service will impersonate the user.
    Port number
    Specifies the TCP port to connect on. For Unsecured connection types, 389 is the default; for Secured or Kerberos connection types, the default is 636.
    User principal name
    Specifies the username used for authentication to the Active Directory. Must be in UPN format: username@AD-domain
    User password
    Specifies the password for the UPN provided for Active Directory authentication. Required for Unsecured or Secured connection type.
    Server domain DN
    Specifies the distinguished name of the Active Directory server domain, in the following format: dc=test,dc=local
    Organization unit DN
    Specifies the distinguished name of the organizational unit, in the following format: ou=viewLinc,dc=test,dc=local
    Synchronize every
    Specifies how often to synchronize identity data from Active Directory to your viewLinc server. If you do not specify a regular interval, you should manually click the Sync now button after changes to the Active Directory.
    User authentication method
    Specifies the authentication for users:
    • Domain: Use Windows server authentication. User must have login privileges on the viewLinc server.
    • Active Directory: Use Active Directory server authentication. User doesn't require login privileges on the viewLinc server.
  3. Provide the relevant details for the user property mapping:
    Mobile
    Name of the Windows property used to fetch the user's mobile number.
    Email
    Name of the Windows property used to fetch the user's email address.
    viewLinc PIN
    User's PIN for acknowledging alarms.
    This property doesn't exist by default, so you must create it in the Active Directory, if desired.
    Preferred language
    Name of the Windows property used to fetch the user's preferred language.
    This property doesn't exist by default, so you must create it in the Active Directory, if desired.
    Send alarm notification
    Name of the Windows property used to fetch the user's alarm notification setting.
    This property doesn't exist by default, so you must create it in the Active Directory, if desired.
    Audible alarm notification
    Name of the Windows property used to fetch the user's audible alarm setting.
    This property doesn't exist by default, so you must create it in the Active Directory, if desired.
  4. Click the Test connection button to ensure that the details provided are correct.
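
The field rules in step 2 can be checked on planned values before they are entered and tested. The following is an added example, not part of the Vaisala guide or of viewLinc: the function names and dictionary keys are hypothetical, the sample values are constructed, and the rule that the OU DN must sit under the server domain DN is an assumption drawn from the guide's sample formats.

```python
import re

# Default ports as stated under "Port number" in the guide.
DEFAULT_PORTS = {"Unsecured": 389, "Secured": 636, "Kerberos": 636}
UPN_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")
RDN_RE = re.compile(r"^(dc|ou|cn)=[^,=]+$", re.IGNORECASE)

def split_dn(dn):
    """Split a simple DN into lower-cased RDNs (escaped commas are not handled)."""
    return [part.strip().lower() for part in dn.split(",")]

def check_ad_link(cfg):
    """Return findings for a planned Active Directory Link setup (hypothetical keys)."""
    findings = []
    ctype = cfg.get("connection_type")
    if ctype not in DEFAULT_PORTS:
        return [f"unknown connection type: {ctype!r}"]
    if ctype == "Unsecured":
        findings.append("Unsecured is unencrypted; the guide marks it not recommended")
    # Heuristic: a fully qualified name contains at least one dot.
    if ctype in ("Secured", "Kerberos") and "." not in cfg.get("host", ""):
        findings.append("host name must be fully qualified for Secured/Kerberos")
    if cfg.get("port", DEFAULT_PORTS[ctype]) != DEFAULT_PORTS[ctype]:
        findings.append(f"port differs from default {DEFAULT_PORTS[ctype]} for {ctype}")
    upn, pwd = cfg.get("upn"), cfg.get("password")
    if ctype != "Kerberos" and not (upn and pwd):
        findings.append(f"{ctype} requires user principal name and password")
    if upn and not UPN_RE.match(upn):
        findings.append("user principal name must be username@AD-domain")
    domain, ou = split_dn(cfg.get("domain_dn", "")), split_dn(cfg.get("ou_dn", ""))
    for name, rdns in (("server domain DN", domain), ("organization unit DN", ou)):
        if not all(RDN_RE.match(r) for r in rdns):
            findings.append(f"{name} is not a well-formed DN")
    # Assumption: the OU lives under the server domain, as in the guide's samples.
    if ou[-len(domain):] != domain or not ou[0].startswith("ou="):
        findings.append("organization unit DN should be an ou= under the server domain DN")
    return findings

# Constructed sample values (not from a real deployment).
SAMPLE = {"connection_type": "Secured", "host": "test.local", "port": 636,
          "upn": "svc-viewlinc@test.local", "password": "example-only",
          "domain_dn": "dc=test,dc=local", "ou_dn": "ou=viewLinc,dc=test,dc=local"}

if __name__ == "__main__":
    for finding in check_ad_link(SAMPLE) or ["no findings"]:
        print(finding)
```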