Table 1 is a worksheet that outlines the questions that need to be answered as part of the Active Directory service implementation on the Metasys system. For many of the actions listed in the table, you must be using an Active Directory service user account with sufficient privileges to search for users within Active Directory service. These privileges must span all domains that contain users who have SSO access to the Metasys system. Also, Active Directory service groups are normally managed by the IT department. A process must be enacted for managing the addition and removal of Metasys system users who are also Active Directory service users.

| Question | Answer | Action Steps |
|---|---|---|
| How many Active Directory service domains contain users who are to be added as Metasys system users? | 1 | Join the Metasys server or SCT computer to the domain. Create only one Service Account under that domain. Specify the Service Account under Metasys Security Administration. For details, see Service account. |
| | More than 1 | If trusts exist between all domains that contain Metasys system users, the Metasys server or SCT can be in any domain. Use a single Service Account within Active Directory service with access to all domains with Metasys system users. |
| | | If trusts do not exist between all domains, the Metasys server can still be joined to any domain. However, if an Active Directory service user is in a domain that does not trust the domain that the Metasys server is in, the user is not able to take advantage of SSO login-free access to the Metasys system. The user can still use the Active Directory service user name, password, and domain at the Metasys login screen. Create one Service Account per domain that contains Metasys system users. For details, see Service account rules and Service account permissions. |
| Are there any firewalls between the Metasys server and the Active Directory service domain? | Yes | Firewalls must be correctly configured to allow Active Directory service port and protocol access between the Metasys server and domains. This is a Microsoft prerequisite for joining a domain. For details, see Protocols, ports, and connectivity for the Metasys system. |
| | No | No action required. |
| Is every client computer that can run the Site Management Portal UI joined to an Active Directory service domain that is in the same domain as the Metasys server or in a trusted domain? | Yes | Verify that the Active Directory service is configured to allow the user to log in to the Windows Desktop with Active Directory service credentials. |
| | No | Can the client computers be added to the domain that the Metasys server is joined to or to some other trusted domain? |