Because Microsoft Active Directory is most commonly used for external authentication, we have included the procedures here for adding user accounts for your domain. One of the benefits of using Active Directory is not just to implement user names and passwords, but to also take advantage of the organization features offered for managing users.
You can create individual Active Directory user accounts manually. If you use scripts, you can create a group of accounts simultaneously or import accounts from a different directory service, such as the Microsoft Exchange server.
FYI ASPs will want to set up a separate domain for their clients and then set up user accounts with passwords set to never expire. Firms and organizations hosting their own data can use their existing domain and user accounts, but because existing password policies typically require that passwords are changed regularly, these organizations should still enable Concordance security but not require a logon.
When using external authentication, it is necessary that user IDs and passwords in a Concordance database are identical to those used in the Active Directory. To do this, you will need to create organization units (OU) in the Active Directory specifically for FYI Server users and set passwords to never expire so that you are not updating passwords in both the Active Directory and Concordance databases if they did expire.
|
If you are using an existing domain with passwords set to expire, you must clear the Logon Required check box for each Concordance database on the Field rights tab in the Security dialog box in Concordance. |
To Set Up Individual Users in Microsoft Active Directory
1.Open Microsoft Active Directory.
2.In the Active Directory Users and Computers dialog box, expand the folder for your domain to display your client accounts arranged as organizational units.
3.If you need to create a client organizational unit, right-click the FYI domain folder, point to New, and then click Organizational Unit or click the New OU button.
i.Clicking Organizational Unit or the New OU button opens the New Object - Organizational Unit box.
4.In the New Object – Organizational Unit dialog box, type the folder name that best represents the client.
5.If the client folder already exists, right-click the folder, point to New, and then click User.
i.Clicking User opens the New Object - User dialog box.
6.In the First name field, type the user's first name.
7.In the Last name field, type the user's last name.
i.After entering the user's first and last name, the user's full name is automatically displayed in the Full name field.
8.In the User logon name field, type the user logon name based on your internal user account guidelines, and then click Next.
i.If two users have the same name, add a middle name or modify the name, as appropriate, to distinguish the two users.
ii.Clicking Next opens the New Object - User dialog box for entering the user's password.
9.In the Password and Confirm password fields, type a password that meets the Microsoft Windows complexity requirements:
•Includes a minimum of 8 characters.
•Does not contain your account or the full name.
•Contains at least three of the following four character groups: English uppercase characters (A through Z), English lowercase characters (a through z), Numerals (0 through 9), or Non-alphabetic characters (such as !, $, #, %).
|
We recommend that you avoid using symbols in your passwords as some may conflict with Concordance. Passwords that include backslashes, double backslashes or spaces are not accepted by Concordance. |
10.Select the Password Never Expires box, leave the other check boxes blank, and click Next.
i.Clicking Next opens the New Object - User dialog box for reviewing and saving the user information.
11.Review the new user’s information and then click Finish to add the user account.
12.After setting up the user in Microsoft Active Directory, set up the same user in the applicable Concordance database.
i.Remember to note the exact user information you entered in the New Object User dialog boxes since you must enter it identically for the user account in Concordance.
ii.For more information about adding users in Concordance, see Setting up users in Concordance.