Active Directory (AD) integration allows GainSeeker users to log in with their AD login credentials instead of their GainSeeker user name and password. You can also use it to automatically log in to GainSeeker.
This setting should only be modified by persons who have previous experience working with AD and related concepts. Failure to properly configure these settings may render GainSeeker inaccessible and may require technical support from Hertzler Systems.
With AD integration enabled, GainSeeker users must provide their AD login credentials - typically the Windows login name and password - instead of their GainSeeker user name and password.
You can also configure GainSeeker to automatically log in as the current Windows user for a single sign-on (SSO) experience.
Any Windows shortcut that launches a GainSeeker module and specifies a GainSeeker username and password continues to work as it did without AD integration.
Because the GainSeeker user name identifies important functions like user permissions and which configuration to use, you still need to set up GainSeeker users.
With AD integration, you must associate each GainSeeker user with one or more AD users or groups. You can use a combination of strategies for this AD association:
GainSeeker user associated
with an AD user:
Set up a GainSeeker user for a specific person and associate it with
their AD user name.
You may wish to do this for all GainSeeker users or only for a few
specific users such as GainSeeker administrators.
GainSeeker user associated
with multiple AD users:
Set up a GainSeeker user for multiple people who perform one function
- such as Data Entry for one department - and associate it with all
of those AD user names.
This reduces the number of GainSeeker users you need to create, but
you will need to edit this GainSeeker user every time you want to
add a new AD user to it..
GainSeeker user associated
with an AD group:
Set up a GainSeeker user for multiple people who perform one function
- such as Data Entry for one department - and associate it with one
or more AD groups.
This reduces the number of GainSeeker users you need to create and
eliminates the task of associating new AD users with the GainSeeker
user. When the AD administrator adds a new person to the AD group,
that person is automatically able to log in to GainSeeker.
You should also be aware that if one AD user and/or group is associated with multiple GainSeeker users, GainSeeker will prompt them to select which GainSeeker user to log in to. For example:
The AD user "laura.f.8629" is associated with the GainSeeker user "8629 Laura F.".
The AD group "ProductionSupport" - of which AD user "laura.f.8629" is a member - is associated with the GainSeeker user "Production Support".
Each time AD user "laura.f.8629"
logs in to GainSeeker, they are prompted to choose whether to log
in as the GainSeeker user "8629
Laura F." or the GainSeeker user "Production
Support".
If you wish to avoid this, work with your AD administrator to create an AD group that contains AD users who should only be associated with one GainSeeker user.
Follow these steps in the order presented.
Navigate to the Configurations tab in the System
Administration module.
Expand the System-wide settings
tree and then the Active Directory
tree.
Right-click or double-click Active
Directory domain and enter your Active Directory domain.
Click Submit to save this change.
In the System Administration module, click the Users
tab.
Expand the GainSeeker Logins
tree (if needed).
Find a GainSeeker user name with full rights - perhaps your own GainSeeker user - and expand its tree.
Right-click or double-click the Active
Directory association setting for this user.
If
the resulting Active Directory Association
window does not look similar to the example below, GainSeeker cannot
access the Active Directory domain you provided
earlier. You need to specify an Active Directory domain that GainSeeker
can access before continuing.
In the Search Username
box, type the AD user name you want to associate with this GainSeeker
user. You can also type part of the name and use * as a wildcard for
the remaining characters, like this example:
After AD returns a list of Active Directory Users that match your search criteria (which can be slow), check the box for the desired AD user name. Then click OK.
Click Submit to save this change.
Notify GainSeeker users that they will not be able to log in to GainSeeker until you have finished this process (unless using a Windows shortcut that launches a GainSeeker module and specifies a GainSeeker username and password).
In the System Administration module, click the Configurations
tab.
Expand the System-wide settings
tree and then the Active Directory
tree.
Select the Use Active Directory
for user login check box to enable AD integration.
On the confirmation prompt, click Yes.
Click Submit to save your changes. DO NOT CLOSE THE SYSTEM ADMINISTRATION MODULE.
Leaving the System Administration module open, launch a new
instance of any GainSeeker module. Do not use a shortcut that specifies
a GainSeeker user name and password.
If you can successfully log in to GainSeeker with the administrative
AD user name and AD password, you can close the GainSeeker module
you just opened and proceed to the next step.
If
this GainSeeker login was not successful, work with your AD administrator
to ensure that you are using the correct AD user name and password.
You may need to return to the System Administration module you left
open and change the AD user association
for the administrative GainSeeker user.
To automatically log in to GainSeeker as the current Windows user - bypassing the GainSeeker login window - you can enable Single Sign-on (SSO).
Return to the System Administration module you left open.
If needed, click the Configurations
tab and expand the System-wide settings
tree and the Active Directory
tree.
Select the Use Windows login
check box to enable SSO.
Click Submit to save your changes. DO NOT CLOSE THE SYSTEM ADMINISTRATION MODULE.
If you used your own AD user name for the AD user associated
with a GainSeeker user, proceed to the next step.
If not, associate another GainSeeker user
with your own AD user name before proceeding to the next step.
Leaving the System Administration module open, launch a new
instance of any GainSeeker module. Do not use a shortcut that specifies
a GainSeeker user name and password.
This should log you in to the new GainSeeker module without prompting
you for any user name or password.
If
this GainSeeker login was not successful, work with your AD administrator
to ensure that you are using the correct AD user name and password.
You may need to return to the System Administration module you left
open and change the AD user association
for the your GainSeeker user.
Use any combination of the methods below to associate all other GainSeeker users with AD users or groups.
Manually edit each GainSeeker user and associate them with one or more AD users or groups.
Import GainSeeker users from a file.
Import GainSeeker users from AD users and groups.
After this step, you can notify GainSeeker users that GainSeeker is accessible again and explain the change in logging in to GainSeeker.