Active Directory integration with GainSeeker

Active Directory (AD) integration allows GainSeeker users to log in with their AD login credentials instead of their GainSeeker user name and password. You can also use it to automatically log in to GainSeeker.

This setting should only be modified by persons who have previous experience working with AD and related concepts. Failure to properly configure these settings may render GainSeeker inaccessible and may require technical support from Hertzler Systems.

 

Contents  [Hide]

 

Overview

Logging in with AD integration

With AD integration enabled, GainSeeker users must provide their AD login credentials - typically the Windows login name and password - instead of their GainSeeker user name and password.

You can also configure GainSeeker to automatically log in as the current Windows user for a single sign-on (SSO) experience.

Any Windows shortcut that launches a GainSeeker module and specifies a GainSeeker username and password continues to work as it did without AD integration.

Mapping AD users or groups to GainSeeker users

Because the GainSeeker user name identifies important functions like user permissions and which configuration to use, you still need to set up GainSeeker users.

With AD integration, you must associate each GainSeeker user with one or more AD users or groups. You can use a combination of strategies for this AD association:

You should also be aware that if one AD user and/or group is associated with multiple GainSeeker users, GainSeeker will prompt them to select which GainSeeker user to log in to. For example:

If you wish to avoid this, work with your AD administrator to create an AD group that contains AD users who should only be associated with one GainSeeker user.

Configuring AD integration

Follow these steps in the order presented.

A. Set the Active Directory domain

  1. Navigate to the Configurations tab in the System Administration module.

    Expand the System-wide settings tree and then the Active Directory tree.

  2. Right-click or double-click Active Directory domain and enter your Active Directory domain.

  3. Click Submit to save this change.

B. Associate an administrative GainSeeker user with an Active Directory user

  1. In the System Administration module, click the Users tab.

    Expand the GainSeeker Logins tree (if needed).

  2. Find a GainSeeker user name with full rights - perhaps your own GainSeeker user - and expand its tree.

  3. Right-click or double-click the Active Directory association setting for this user.

    If the resulting Active Directory Association window does not look similar to the example below, GainSeeker cannot access the Active Directory domain you provided earlier. You need to specify an Active Directory domain that GainSeeker can access before continuing.

  4. In the Search Username box, type the AD user name you want to associate with this GainSeeker user. You can also type part of the name and use * as a wildcard for the remaining characters, like this example:

  5. After AD returns a list of Active Directory Users that match your search criteria (which can be slow), check the box for the desired AD user name. Then click OK.

  6. Click Submit to save this change.

C. Enable and test Active Directory integration

  1. Notify GainSeeker users that they will not be able to log in to GainSeeker until you have finished this process (unless using a Windows shortcut that launches a GainSeeker module and specifies a GainSeeker username and password).

  2. In the System Administration module, click the Configurations tab.

    Expand the System-wide settings tree and then the Active Directory tree.

  3. Select the Use Active Directory for user login check box to enable AD integration.



    On the confirmation prompt, click Yes.

  4. Click Submit to save your changes. DO NOT CLOSE THE SYSTEM ADMINISTRATION MODULE.

  5. Leaving the System Administration module open, launch a new instance of any GainSeeker module. Do not use a shortcut that specifies a GainSeeker user name and password.

    If you can successfully log in to GainSeeker with the administrative AD user name and AD password, you can close the GainSeeker module you just opened and proceed to the next step.

    If this GainSeeker login was not successful, work with your AD administrator to ensure that you are using the correct AD user name and password. You may need to return to the System Administration module you left open and change the AD user association for the administrative GainSeeker user.

D. (optional) Enable and test Single Sign-on

To automatically log in to GainSeeker as the current Windows user - bypassing the GainSeeker login window - you can enable Single Sign-on (SSO).

  1. Return to the System Administration module you left open.

    If needed, click the Configurations tab and expand the System-wide settings tree and the Active Directory tree.

  2. Select the Use Windows login check box to enable SSO.

  3. Click Submit to save your changes. DO NOT CLOSE THE SYSTEM ADMINISTRATION MODULE.

  4. If you used your own AD user name for the AD user associated with a GainSeeker user, proceed to the next step.

    If not, associate another GainSeeker user with your own AD user name before proceeding to the next step.

  5. Leaving the System Administration module open, launch a new instance of any GainSeeker module. Do not use a shortcut that specifies a GainSeeker user name and password.

    This should log you in to the new GainSeeker module without prompting you for any user name or password.

    If this GainSeeker login was not successful, work with your AD administrator to ensure that you are using the correct AD user name and password. You may need to return to the System Administration module you left open and change the AD user association for the your GainSeeker user.

E. Associate remaining GainSeeker users with AD users or groups

Use any combination of the methods below to associate all other GainSeeker users with AD users or groups.

After this step, you can notify GainSeeker users that GainSeeker is accessible again and explain the change in logging in to GainSeeker.