You can configure TimeLive to authenticate requester logins against Active Directory (AD), so that users do not have to remember too many passwords. Once AD authentication is configured, any password change made in AD is also reflected in TimeLive, and requesters can log in using the login name and password of the system.
TimeLive Active Directory integration concepts:
TimeLive supports two types of Active Directory authentication.
- The first option is automated: a user is automatically added as an employee in TimeLive if that user is a member of the corresponding mapped group in Active Directory.
  - Using role management in the admin options, you can map TimeLive roles to Active Directory groups. A user is automatically assigned a role in TimeLive if they are a member of the corresponding group in Active Directory.
  - For example, if an employee is a member of the TimeLive User group in [Active Directory], they are automatically added as an employee in TimeLive on first login, with the [User] role.
  - By default, TimeLive comes with two roles that are already mapped to Active Directory groups. You can define your own AD group on the TimeLive Roles management page.
    - AD Group [TimeLiveAdministrator] -> maps to the TimeLive [Administrator] role.
    - AD Group [TimeLiveUser] -> maps to the TimeLive [User] role.
- The second option is to add all your employees manually in TimeLive. The administrator defines each employee's Active Directory username when creating the employee. After an employee has been added with their Active Directory username, they can log in to TimeLive using their Active Directory username and password.
Step by step: Active Directory integration:
TimeLive Active Directory integration requires setup in two places: in Active Directory itself, and in the server parameters on the system configuration page.
Step 1: Changes required in Active Directory:
These steps are performed on the Active Directory side.
- The IT administrator should first decide exactly which Active Directory username will act as the TimeLive Administrator. This help section assumes an AD user with the username [LivetecsIT].
- Create a new [TimeLive Service User]. The TimeLive APIs use this username and password to communicate with Active Directory. Create the service user with the name “timeliveserviceuser”.
- Define a password for the [TimeLive Service User], and make sure that [Password never expires] is checked and [User must change password at next login] is unchecked.
- Create a new security group [TimeLiveAdministrator] in Active Directory.
- Add the user you want to act as TimeLive Administrator to the [TimeLiveAdministrator] group. This user will become [Administrator] in TimeLive. Make sure that the [First Name], [Last Name] and [EmailAddress] fields are filled in for this user in Active Directory.
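The Active Directory steps above can also be scripted. The following PowerShell is an added example, not part of the TimeLive documentation; it assumes the ActiveDirectory module (RSAT) is installed, that the admin user [LivetecsIT] already exists, and that new objects go into the domain's default container.

```powershell
# Added example (not from the TimeLive documentation): Step 1 on the AD side.
# Assumes the ActiveDirectory module (RSAT) and rights to create users and groups.
Import-Module ActiveDirectory

$adminSam   = 'LivetecsIT'           # AD user chosen as TimeLive Administrator on this page
$serviceSam = 'timeliveserviceuser'  # service account name used on this page

# Prompt for the service account password so it is never stored in the script.
$servicePassword = Read-Host -AsSecureString -Prompt "Password for $serviceSam"

# Service user: [Password never expires] checked, [User must change password at
# next login] unchecked. Name and SamAccountName are identical so that the
# pre-Windows 2000 username and the actual username match, in the same case.
# The script adds this account to no groups.
New-ADUser -Name $serviceSam -SamAccountName $serviceSam `
    -DisplayName 'TimeLive Service User' `
    -AccountPassword $servicePassword -Enabled $true `
    -PasswordNeverExpires $true -ChangePasswordAtLogon $false

# Security groups that TimeLive maps to its [Administrator] and [User] roles by default.
foreach ($group in 'TimeLiveAdministrator', 'TimeLiveUser') {
    if (-not (Get-ADGroup -Filter "SamAccountName -eq '$group'")) {
        New-ADGroup -Name $group -SamAccountName $group `
            -GroupCategory Security -GroupScope Global
    }
}

# Put the chosen administrator into the [TimeLiveAdministrator] group.
Add-ADGroupMember -Identity 'TimeLiveAdministrator' -Members $adminSam

# TimeLive populates first name, last name and email from AD, so verify
# that all three attributes are filled in before running the sign-up step.
$admin   = Get-ADUser -Identity $adminSam -Properties GivenName, Surname, EmailAddress
$missing = 'GivenName', 'Surname', 'EmailAddress' |
    Where-Object { [string]::IsNullOrWhiteSpace($admin.$_) }

if ($missing) {
    Write-Warning "$adminSam is missing: $($missing -join ', ')"
} else {
    Write-Output "$adminSam is ready to be used as the TimeLive Administrator."
}
```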
Step 2: Changes required in TimeLive:
- On first-time execution, after database setup, TimeLive first opens the [Account Add] page, where a user can enter their organization and administrator user information. Do not fill in this form if you are going to set up [Active Directory] integration.
- Open the [System Configuration] page (http://timeliveurl/home/systemsetting.aspx), where you can define system-level parameters such as Active Directory integration, the database connection string and the SMTP server.
- Select the [Active Directory Authentication] checkbox to set your authentication mode to Active Directory.
- Enter “LDAP://YourServerName” in [Active Directory Connection String]. Replace YourServerName with the name of the physical server where Active Directory is installed. Please see the screenshots below to get an exact idea of which value goes where.
- Enter the domain name in the [Active Directory Domain Name] field. The domain name should be the pre-Windows 2000 server name instead of the actual domain name.
- Enter your [TimeLive Service User] username in the [Active Directory Username] field. The username must be in exactly the same case as in Active Directory. Make sure that the (pre-Windows 2000) username and the actual username are the same.
- Enter the [TimeLive Service User] password in the [Active Directory Password] field.
- Click [Update] to save these changes.
- After the update, TimeLive opens the new account add page.
- Enter your organization information in the top portion.
- Enter the [TimeLive Administrator username] that you earlier added to the [TimeLiveAdministrator] group in Active Directory. TimeLive will automatically populate FirstName, LastName and email address from Active Directory.
- Enter the Active Directory password of the [TimeLive Administrator user] in the password and verify password fields. This must be the Active Directory password of the TimeLive administrator user.
- Enter First Name, Middle Name, and Last Name.
- Click [Sign up] to complete the Active Directory integration steps.
- This administrator can now sign in to TimeLive using their [TimeLive Admin] (LivetecsIT in the above case) Active Directory username and password.
- The administrator can now add other employees using the [Administration] -> [Employees] option by specifying the AD username in the [User name] field.
- New employees are added automatically if they are members of an AD group that is mapped to a TimeLive role.
Note: Migrating from standard authentication to Active Directory authentication:
- If Active Directory is being set up to switch from an existing standard authentication setup to Active Directory authentication, the system redirects directly to the login page instead of the account add page. An administrator can log in with the TimeLive admin user created using the instructions above.
- Make sure that the email address of the TimeLiveAdministrator user is not already assigned to some other user.
- This administrator can now log in to TimeLive using their [TimeLive Admin] (LivetecsIT in the above case) Active Directory username and password.
- After logging in, the administrator should edit every employee already defined in TimeLive and change the value of the “username” field from their email address to their Active Directory login ID.
- Once the Active Directory login ID is in the username field of the employee form, the employee can log in using their Active Directory username and password and will see the data they already have in TimeLive.