Active Directory (AD) Integration
Active Directory integration is an optional module in the Volicon Observer solution.
Prerequisites
The following prerequisites need to be met for the AD integration to proceed:
Volicon needs to know the IP address or the Fully Qualified Domain Name (FQDN) of the AD server. The FQDN is more flexible and is preferred.
Add the Observer Web server to the AD domain.
Create a simple domain user with a non-expiring password and notify Volicon.
Provide Volicon with your Organizational Units (OUs) and their basic structure.
Upgrade all the Observer servers to the latest qualified build prior to integration.
Configure all your client browsers to have the Web server address in their Intranet Zone or IE trusted zone.
AD Operation
After all prerequisites are met, you must define several groups in the Observer. To do so, you can access the system with a non-AD password through the URL http://<server>/admin/.
When using AD integration, the user’s set of permissions (including accessible channels and maximum number of concurrent channels played) is defined on the Observer groups (User Management section). You must also create groups in the AD with names identical to those defined in Observer. Once this is completed, users’ access to Observer and their privileges are administered only through the AD, by adding or removing users as members of the different groups. One exception is the number of concurrent channels: by default there is no limit, but if a limit is defined, the Observer settings will be used. Furthermore, if multiple groups define the number of concurrent channels, the highest number will be used, even if it is set to unlimited.
Initially, the user accesses the Observer system through a browser with only an IP address or a Domain Name. Access to the Observer system is then provided automatically according to the user’s assigned group(s) in AD, matching the user by group name to the defined Observer groups. If the user is a member of several groups, their effective permissions will be the sum of all permissions of those groups. The user’s name is automatically created internally within the Observer upon first logon and is associated with the user-generated content in the Observer (clips, programs, etc.).
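The resolution rules described above (match by group name, additive permissions, highest concurrent-channel limit wins with unlimited on top), modeled as an added example that is not Volicon's code, with a small audit helper for spotting users whose combined memberships grant more than intended. Group names, channel names and the data layout are constructed; exact case-sensitive name matching, "no limit defined means unlimited", and "no matching group means no access" are assumptions of this sketch.

```python
# Added illustration: models the group-resolution rules described above.
# Names and data layout are constructed, not Observer's actual schema.
from dataclasses import dataclass

UNLIMITED = None  # assumption: a group with no limit defined counts as unlimited


@dataclass(frozen=True)
class ObserverGroup:
    channels: frozenset
    max_concurrent: object = UNLIMITED  # an int, or UNLIMITED


# Constructed Observer group definitions (User Management section).
OBSERVER_GROUPS = {
    "Observer-News": ObserverGroup(frozenset({"CH1", "CH2"}), 2),
    "Observer-Sports": ObserverGroup(frozenset({"CH3"}), 4),
    "Observer-Admins": ObserverGroup(frozenset({"CH1", "CH2", "CH3", "CH4"})),
}


def effective_access(ad_groups, observer_groups=OBSERVER_GROUPS):
    """Return (channels, max_concurrent) for a user's AD group memberships.

    Only AD groups whose name exactly matches an Observer group count
    (exact, case-sensitive matching is an assumption of this sketch).
    """
    matched = [observer_groups[g] for g in ad_groups if g in observer_groups]
    if not matched:
        return frozenset(), 0  # assumption: no matching group, no access
    # Permissions are additive across every matched group.
    channels = frozenset().union(*(g.channels for g in matched))
    limits = [g.max_concurrent for g in matched]
    # Highest limit wins, and unlimited outranks any number.
    limit = UNLIMITED if UNLIMITED in limits else max(limits)
    return channels, limit


def audit_over_privileged(users, allowed):
    """List users whose effective channels exceed an intended allow-list."""
    findings = {}
    for user, groups in users.items():
        extra = effective_access(groups)[0] - allowed.get(user, frozenset())
        if extra:
            findings[user] = sorted(extra)
    return findings
```

Because permissions only accumulate, adding a user to one broad AD group is enough to widen their access, so the audit compares the combined result rather than each group in isolation.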
Troubleshooting
One common issue in large organizations is that users sometimes cannot access the Observer system transparently, and the username/password dialog pops up. This happens when IE cannot correctly determine which Web server is in the Intranet security zone (i.e. accessed by IP). The solution is either to access the server by server name (FQDN) or to add the accessed Web server to the trusted security zone in IE.