All about LMS Active Directory Integration
Active Directory is the central directory service used by the majority of institutions. Its primary function is to hold the data of all the users on an institution’s network. Beyond user data, it also contains information about the users’ group memberships, for example whether a user is a student or a faculty member, and which classes they belong to.
Active Directory is effective for authenticating users of external web applications. Owing to its versatility, it is used universally by universities and corporations alike. Implementing authentication is simple and straightforward: it requires only the installation of a piece of ‘connector’ software on the Active Directory server.
For this reason, many additional protocols and Identity Providers (IdPs) have come into existence. These identity providers play the role of secure ‘middle men’ between the central user directory and multiple external applications. The best part is that these ‘middle men’ do not require the organization to directly expose its Active Directory.
For example, your company may have employee data stored on your servers in Active Directory, and you want to populate the tables in the Learning Management System with the employee name and identification number. It would be best if the information updated automatically when changes occur, so your company would need an Active Directory interface built to transport the data into the Learning Management System.
Active Directory is a Windows OS directory service that facilitates working with interconnected, complex and different network resources in a unified manner. It has a database that keeps track of all the user accounts and passwords in an organization. It allows you to store your user accounts and passwords in one protected location, which provides more security. One of the network services provided by Active Directory is LDAP (Lightweight Directory Access Protocol). LDAP is an open standard used to access other directory services.
Why connect an LMS with AD?
1. Users are managed in one place (i.e. Active Directory), which avoids duplication and maintains data consistency.
2. Users are created, deleted or updated automatically in the LMS.
3. All user profile details are automatically synced to the LMS from Active Directory.
4. Users are automatically put into the appropriate LMS groups or cohorts depending on a profile field such as location, department or groups.
5. Users can connect to the LMS with the same username and password that they use to log in to their organization’s computers or other applications such as Outlook or the intranet, so there is no need to remember another username and password.
What is SSO (Single Sign On) in LMS?
SSO is a feature that allows the user to connect to the LMS with the same user ID and password that are required to log in to their computer, using the LDAP protocol in Active Directory.
How can a user log in to the LMS using the LDAP protocol?
All the user IDs and passwords present in Active Directory are synced to the LMS via the LDAP protocol, with the help of a CRON job that runs on the LMS server on a schedule. When a user logs in to an organization’s computer, the user ID and password are authenticated by Active Directory and the user is allowed access to the computer.
To access the LMS, the user opens a browser and enters the URL. During this process, SSO via NTLM comes into effect and the user is automatically logged in to the LMS.
During a CRON job run, users can be added, removed or updated in the LMS, based on how they have been updated in Active Directory.
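The reconciliation step of such a scheduled sync, as an added example that is not the LMS's own code: it compares a snapshot of directory entries with the current LMS users and returns what to create, update and delete, refusing to proceed when an empty or truncated LDAP result would remove most accounts. The function name plan_sync, the department-to-cohort mapping, the treatment of disabled accounts as removed, and the sample data are assumptions made for illustration; the attribute names are standard Active Directory attributes.

```python
ACCOUNTDISABLE = 0x0002  # userAccountControl bit set on disabled AD accounts
COHORT_BY_DEPT = {"Sales": "sales-onboarding", "Engineering": "eng-training"}  # assumed mapping


def plan_sync(ad_entries, lms_users, max_delete_ratio=0.5):
    """Diff an AD snapshot against LMS users; return the changes a sync run would apply."""
    wanted = {}
    for entry in ad_entries:
        if int(entry.get("userAccountControl", 0)) & ACCOUNTDISABLE:
            continue  # assumption: a disabled AD account is treated as removed
        user = entry["sAMAccountName"].lower()  # normalise case so "ASmith" == "asmith"
        wanted[user] = {"name": entry.get("displayName", user),
                        "cohort": COHORT_BY_DEPT.get(entry.get("department"))}

    create = {u: p for u, p in wanted.items() if u not in lms_users}
    update = {u: p for u, p in wanted.items() if u in lms_users and lms_users[u] != p}
    delete = sorted(u for u in lms_users if u not in wanted)

    # Guard: an empty or truncated LDAP result must not wipe the LMS user table.
    if lms_users and len(delete) / len(lms_users) > max_delete_ratio:
        raise RuntimeError(f"refusing to delete {len(delete)} of {len(lms_users)} LMS users")
    return {"create": create, "update": update, "delete": delete}


# Constructed sample data (not from a real directory).
AD_SNAPSHOT = [
    {"sAMAccountName": "ASmith", "displayName": "Alice Smith", "department": "Sales", "userAccountControl": 512},
    {"sAMAccountName": "bjones", "displayName": "Bob Jones", "department": "Engineering", "userAccountControl": 512},
    {"sAMAccountName": "cwhite", "displayName": "Carol White", "department": "Sales", "userAccountControl": 514},  # disabled
    {"sAMAccountName": "dgreen", "displayName": "Dan Green", "department": "HR", "userAccountControl": 512},
]
LMS_USERS = {
    "asmith": {"name": "Alice Smith", "cohort": "sales-onboarding"},   # unchanged
    "bjones": {"name": "Bob Jones", "cohort": "sales-onboarding"},     # changed department in AD
    "cwhite": {"name": "Carol White", "cohort": "sales-onboarding"},   # disabled in AD
}

if __name__ == "__main__":
    for action, items in plan_sync(AD_SNAPSHOT, LMS_USERS).items():
        print(action, items)
```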
What is NTLM SSO?
The NTLM SSO module of the LMS allows a user who has logged in to a Windows PC using Active Directory credentials to open a browser and go directly to the LMS without having to enter a username and password. It is single sign-on based on Active Directory authentication. Since the user is already logged in to the PC using Active Directory credentials, NTLM can work if properly configured with the LMS.
Note: NTLM authentication depends on LDAP authentication, and NTLM configuration is specified in the LDAP authentication settings page. So before trying to configure NTLM, make sure you have LDAP authentication properly set up and working.