This page (revision-32) was last changed on 26-Nov-2021 10:22 by Kevin Higgs

This page was created on 26-Nov-2021 10:22 by jmyers

Page revision history

Version | Date Modified | Size | Author | Change note
32 | 26-Nov-2021 10:22 | 8 KB | Kevin Higgs |
31 | 26-Nov-2021 10:22 | 7 KB | Lilia Urtan |
30 | 26-Nov-2021 10:22 | 7 KB | ibarr |
29 | 26-Nov-2021 10:22 | 7 KB | ibarr |
28 | 26-Nov-2021 10:22 | 7 KB | ibarr |
27 | 26-Nov-2021 10:22 | 7 KB | ibarr |
26 | 26-Nov-2021 10:22 | 7 KB | ibarr |
25 | 26-Nov-2021 10:22 | 6 KB | kparrott | LDAP FACTORY(System Preference) ==> LDAP FACTORY(System_Preference)
24 | 26-Nov-2021 10:22 | 5 KB | kparrott | LDAP_UNAME_LCASE(System Preference) ==> LDAP_UNAME_LCASE(System_Preference)
23 | 26-Nov-2021 10:22 | 5 KB | kparrott |
22 | 26-Nov-2021 10:22 | 5 KB | kparrott |
21 | 26-Nov-2021 10:22 | 5 KB | kparrott |

Difference between version and

At line 8 changed one line
The clients desire to have integration with LDAP servers such as Microsoft Active Directory for login authentication for Self-Service interfaces, to allow user to use their network login user ID and password to login to the application, yet also wants to protect user’s personal data from being viewed by others when user is away from their PC, or in situations where multiple employees may be sharing one PC.
This provides integration with LDAP servers such as Microsoft Active Directory for login authentication for Self-Service interfaces, to allow user to use their network login user ID and password to login to the application. At the same time the user’s personal data is protected from being viewed by others when the user is away from their PC, or in situations where multiple employees may be sharing one PC.
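Review bot: The second sentence of the new text claims the user's personal data is "protected from being viewed by others" when the user is away or sharing a PC, but nothing in the paragraph says what provides that protection, and LDAP login alone does not obviously do so. Name the mechanism the claim rests on or drop the sentence. "to allow user to use" also still lacks an article ("to allow users to use").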
At line 10 changed one line
While the majority of users are on the client’s network utilizing Active Directory, there are several departments on their own networks as well as other groups of users, such as retirees, who do not have Active Directory accounts on the client’s network. For users with Active Directory accounts, password management (issuing/resetting) needs to be performed through the client’s Help Desk. For users without Active Directory accounts, password management will be handled through the application’s existing password management functionalities.
While the majority of users are on the client’s network utilizing Active Directory, there are several departments on their own networks as well as other groups of users, such as retirees, who do not have Active Directory accounts on the client’s network. For users with Active Directory accounts, password management (issuing/resetting) needs to be performed through the client’s Help Desk. For users without Active Directory accounts, password management will be handled through the application’s existing password management functionality.
At line 13 added one line
At line 16 changed one line
There are Preferences on the IMST that must be setup in order for this to be activated in the Self-Service system.
There are preferences on the [IMST] that must be setup in order for this to be activated in the Self-Service system.
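Review bot: In the new line, "must be setup" should be "must be set up" (verb, two words). The sentence also still does not say what "this" refers to; "for LDAP authentication to be activated" would read on its own.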
At line 18 changed 3 lines
*SS LOGIN TYPE – must be set to “ACCESSOR”
*LDAP AUTH ON – ‘Y’ or ‘N’ to enable or disable, respectively, LDAP authentication. Defaulted to ‘N’.
*LDAP HOST – hostname for the external LDAP server. As an example, at HLC, our Active Directory hostname is ‘valasca.highlinecorp.com’. Defaulted to ‘’.
*SS LOGIN TYPE - Must be set to “ACCESSOR”
*LDAP AUTH ON - ‘Y’ or ‘N’ to enable or disable, respectively, LDAP authentication. Defaulted to ‘N’.
*LDAP HOST - Hostname for the external LDAP server. As an example, at HLC, our Active Directory hostname is ‘valasca.highlinecorp.com’. Defaulted to ‘’.
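Review bot: The LDAP HOST entry documents only a hostname, so a reader cannot tell whether the user's network password travels to the directory over an encrypted connection or which port is used. State the transport here or point to the preference that controls it. The example also publishes what is described as the real Active Directory hostname ('valasca.highlinecorp.com'); a placeholder such as 'ldap.example.com' would serve the same purpose. "Defaulted to ‘’" would be clearer as "Defaults to empty".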
At line 22 changed one line
The Accessor information (Access Key & Password) must be established for each Identity table (IEID). The password can be cleared out ONLY if the LDAP AUTH ON site preference is set to Y.
The accessor information (access key & password) must be established for each Identity table ([IEID]). The password can be cleared out ONLY if the LDAP AUTH ON site preference is set to 'Y'.
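Review bot: The rule that the password can be cleared only when LDAP AUTH ON is 'Y' leaves the reverse case undocumented: what happens to accessors with a cleared password if the preference is later set back to 'N'. Add a sentence covering that. The new line also lowercases "access key", while the new text at lines 28 and 35 keeps "Access Key"; pick one.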
At line 25 changed one line
When the user selects the Self-Service interface, the application will display the appropriate login page:
When the user selects the Self Service interface, the application will display the appropriate login page:
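Review bot: "Self Service" in the new line is inconsistent with "Self-Service" in the new text at lines 8 and 16. Use one spelling across the page.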
At line 28 changed one line
*When the user clicks “Continue” the application will verify the Access Key against the Accessor records for the Identities table (IEID) and if it exists then it will authenticate both the user name and password against Active Directory.
*When the user clicks “Continue” the application will verify the Access Key against the Accessor records for the Identities table (IEID) and if it exists, then it will authenticate both the user name and password against Active Directory.
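Review bot: The sentence covers only the case where the Access Key exists. Say what happens when it is not found, and whether the user sees the same failed-login message as for a wrong password, so the login page does not confirm which Access Keys are valid. It also switches from "Access Key" to "user name" mid-sentence without saying whether they are the same value.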
At line 30 changed one line
**If Active Directory authentication fails, before displaying a failed login message, authenticate using standard ePersonality methods. IF the password is NULL in ePersonality the User is ONLY allowed to log in via the Active Directory authentication.
**If Active Directory authentication fails, before displaying a failed login message, authenticate using standard ePersonality methods. IF the password is NULL in ePersonality the user is ONLY allowed to log in via the Active Directory authentication.
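Review bot: The fallback described in the first sentence means the ePersonality password remains a valid second credential for any accessor whose password has not been cleared, including when Active Directory rejects the login because the account is locked or disabled. State that explicitly and say that accessors meant to authenticate only through Active Directory must have the ePersonality password cleared. "IF the password is NULL" should be "If the password is NULL".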
At line 33 changed one line
For the Employee/Manager Self-Service interface, clients have the ability to add header/footer pages to the Forgotten Password page so as to be able to indicate the steps the user should take when the user is a member of the client’s Active Directory. This is done in the IMMS for Message “SS_CHG_PW_EN_10”.
For the Employee/Manager Self Service interface, clients have the ability to add header/footer pages to the Forgotten Password page so as to be able to indicate the steps the user should take when the user is a member of the client’s Active Directory. This is done in the [IMMS] for message “SS_CHG_PW_EN_10”.
At line 35 changed one line
If the Access Key is entered and found to currently have a NULL password a new password should not be generated and the user should be given a message back to indicate they are “externally authenticated” and need to contact their system administration.
If the Access Key is entered and found to currently have a NULL password, a new password should not be generated and the user should be given a message back to indicate they are “externally authenticated” and need to contact their system administration.
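Review bot: "contact their system administration" conflicts with the line 10 text, which sends Active Directory users to the client's Help Desk for password resets; use the same contact in both places (and "system administrator" if that wording is kept). The "externally authenticated" message is also returned to anyone who enters the Access Key on the Forgotten Password page, so it tells an unauthenticated visitor how that account logs in; say whether that is intended.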
At line 37 changed one line
Ex: Server is set to authenticate user against external LDAP server. User sees this screen after clicking on ‘Forgot Password?’ link.
Ex: Server is set to authenticate the user against external LDAP server. User sees this screen after clicking on ‘Forgot Password?’ link.
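Review bot: The new line adds "the" before "user" but still reads "against external LDAP server"; it should be "against an external LDAP server".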