Applies to versions: 3.1, 3.2

LDAP: Active Directory Sign On Through IPSLOGIN

The Login Integration module (IPSLOGIN) provides an option for employees to log in to TimeIPS using their passwords from a remote LDAP server.

 

 

Using the left pane Main Menu » Administration, click on: System » Company/Divisions

 

Once a division is created, it will appear in the table below. Here you can finish setting up and make any changes needed.

• Click on the + (plus) sign to the left of the Division Name to expand the window.
• Click on the Alternate Login tab to the left.

 

Select "Active Directory (LDAP)" as the Alternate Login mechanism.

Click the Save Row button.

 

• Provide the domain name or IP address of the LDAP or Active Directory Server.
• LDAP Host: LDAP requires a valid Fully Qualified Domain Name for authentication. Provide the domain name associated with user accounts on the server. For example if you connected to LDAP using "bobsmith@hidehoco.com" then the host value would be "hidehoco.com"
• If the LDAP server is using LDAPS or SASL, check the Use SASL box.

 

 

Employee Configuration

In order for an employee to successfully use LDAP to log on to TimeIPS, two things must be configured correctly. 

1. The employee's record in the LDAP server must identify the employee as [username]@[LDAP Host] such as "bobsmith@hidehoco.com" in the previous example.
2. The employee's username in TimeIPS must match the username portion of the identifer in LDAP. In our example the username in TimeIPS must be "bobsmith" as well. TimeIPS is NOT case sensitive on usernames, but LDAP servers often are. Be sure capitalization matches between TimeIPS and the LDAP server.  If you need to change the case of a TimeIPS username, please note that because TimeIPS is not case sensitive, it will not see it as an actual change.  To make the change, set the username to something with different characters, then back to the original with the correct capitalization. In our example, to change "bobsmith" to "BobSmith" first change to "bobsmith1" then back to "BobSmith"

When employees attempt to log in to TimeIPS using their username and LDAP password TimeIPS will attempt to authenticate their username/LDAP Host combination against the server using the provided password. If this authentication fails for any reason then TimeIPS will fallback to its normal login procedure to attempt to authenticate with any password that might be stored in TimeIPS.