2 Replies Latest reply on Aug 28, 2015 9:23 AM by kjstech

    Active Directory SSO to WHD?

    kjstech

      Trying to find a way to use active directory integration so when we sign into WHD we can use our regular AD / Windows username and password.  Basically if the user is a member of the IT group, take us to the admin interface of WHD.  How can this be accomplished?  I did search the kb and found things about SAML or CAS 2.0 but I'm not sure how to proceed. I did download some cas file from a kb article and when I changed this it took me to a JASIG Central Authentication Service (CAS) page which did not accept any credentials (nor did I find a way I could somehow create / define the AD account mapping). 

       

      We do have an AD FS web authentication page stood up for Office 365 portal so can we somehow use that?  There is nothing in the drop down for AD under the authentication settings.  We did demo this product and changegear, and changegear fully supported this but it was more than 3 times the cost then WHD, plus we already have some of the orion platform.

        • Re: Active Directory SSO to WHD?
          it@cristoreybalt.org

          If you set up an LDAP sync to your Active Directory (Setup > Clients > AD/LDAP Connections) and keep your Authentication Method (Setup > General > Authentication) as Web Help Desk, you will achieve your goal.

            • Re: Active Directory SSO to WHD?
              kjstech

              Ok thank you, after playing around with it yes it seems to be working now.  I am a tech and an admin so I found that in the techs my "admin" user name is used in there assigned to admin access to WHD.  So when I log in as my regular AD user name and password, I can just open tickets basically.  If I log in as my admin AD user name and password, then I can actually work the tickets.  So I guess it helps to have a split user approach (we've been doing it as its best practice anyway) so you can still see what things look like as a regular user.

               

              I did get AD FS working for a little bit but in reality it wasn't necessary.  Switched it back to web help desk authentication.  ADFS was nice in one aspect as it kept my session cached, but the problem was it was cached in a way I couldn't find out how to log out as my client and log in as my admin user.