1.15 Linking with Active Directory

By linking with Active Directory, you can use users and groups managed by Active Directory in JP1/AO. Note, however, that you can link with Active Directory when JP1/AO uses Active Directory as the LDAP directory server.

To enable Active Directory linkage, you must set the configuration file for external authentication server linkage. In addition, if necessary, register a user or a user for LDAP search in Active Directory.

Also, when using the Active Directory linkage function, you can select whether to enable group linkage. Depending on whether group linkage is used, available functions differ.

• When group linkage is not used

  Active Directory authenticates users.

  JP1/AO registers or deletes users in/from a user group.

  For this purpose, the same users must be registered in JP1/AO and Active Directory. When doing so, you do not need to set passwords for JP1/AO.

• When group linkage is used

  Active Directory authenticates users.

  Register and use Active Directory groups as JP1/AO user groups. Active Directory registers or deletes a user in/from a group.

  As a result, you do not register users in JP1/AO .

Next, advance registrations and the user authentication flow when group linkage is not used, or when group linkage is used separately.

When group linkage is not used

Match a JP1/AO user ID and an Active Directory user ID as a user who logs in to JP1/AO for registration. It will be no longer necessary to manage passwords in JP1/AO just by registering them in Active Directory.

If LDAP is specified for the authentication method in JP1/AO user information when a user logs in to JP1/AO, you can use information managed by Active Directory for the login.

The following figure shows the user authentication flow when Active Directory linkage does not use group linkage.

Figure 1‒32:  User authentication flow for Active Directory linkage (when group linkage is not used)

When group linkage is used

You can manage Active Directory groups as JP1/AO user groups. As a result, you do not need to register users registered in Active Directory groups in JP1/AO. By allocating a resource group to an Active Directory group, you can use the resource.

If user information is not registered in JP1/AO when a user logs in to JP1/AO, it references user information in Active Directory to allow the login.

The following figure shows the user authentication flow when Active Directory linkage uses group linkage.

Figure 1‒33:  User authentication flow for Active Directory linkage (when group linkage is used)

Related topics

• Linking with Active Directory in the Job Management Partner 1/Automatic Operation Configuration Guide

• 8. Managing Users

• 10. Managing User Groups

To Page Top