The Active Directory Authentication app enables you to log in users and/or agents with credentials from Active Directory.

You can optionally enable Auto Sync of data, so that Deskpro accounts are created and regularly updated with the latest information from Active Directory. This is a one-way process, from Active Directory to Deskpro. If you need to update account information, you should do it in Active Directory.

If you select this option, data will automatically be pulled from Active Directory daily at 1am. You can also sync manually at any time.

Creating agents from AD

By default, if you install Active Directory authentication for agents, DeskPRO allows existing agents to log in with their Active Directory credentials. Agents are matched using their email address.

You can optionally enable Auto Agent, which will automatically create an agent account for agents who don’t exist. Otherwise, you must create a Deskpro account with the same email address as the record in Active Directory, before the agent can log in using

You can also enable Auto Sync, which will create an agent account for every record under the Base DN you specify.

Installing AD

To set up Active Directory Authentication for users, go to Admin > CRM > Auth & SSO; to install it for agents, go to Admin > Agents > Auth & SSO. If you want to use Active Directory for both users and agents, you should install it in both places.

1. Click the Active Directory Authentication app, then click Add.

2. In Host, enter the Active Directory server name and add the port in the Port field.

   You must ensure that your Active Directory is accessible to your Deskpro server and not blocked by a firewall etc.

   Optionally, select the encryption method to use.

   The default port if you are not using connection encryption or are using TLS is 389. If you are using SSL encryption, the default is 636.

   On some configurations, you may need to specify port 3268 to search the Global Catalog.

3. In Base DN, enter the DN to search from for users. All Active Directory user objects below this node will become users/agents in Deskpro.

1. In Service Account Username and Service Account Password enter the username and password for an account to initially bind to the AD directory. The service account must have sufficient permission to run filter queries against the directory.

2. In Domain Name, enter the fully-qualified domain name for users in this directory.

   Optionally, enter a short NetBIOS style domain name in Short Domain Name.

3. If you use a self-signed certificate for your Active Directory server, enable the Disable SSL certificate validation option.

4. In most cases, you should not use Disable LDAP Paging. If paging is not enabled or working on your AD server, you may find that you get 0 records when you try to sync, even when there are user objects under the Base DN. In that case, try disabling paging.

5. In most cases, the default LDAP Size Limit of 1000 will work. If your Active Directory has a lower LDAP Size Limit than 1000, enter it here.

6. Click Test Settings and enter the username/email and password of a user who is under the Base DN.

7. If the test is successful, click Add to install the application.

After setup

Once your AD application is installed, don't forget to enable it by toggling the switch at the top left corner of the app.

You may also want to enable Auto Sync, add a Filter Filtering a Usersource to limit the access further, or add Login Actions Login Actions to add your users to usergroups automatically.

Auto Sync

If Auto Sync is enabled, you can also specify a time that you would like Deskpro to automatically sync with your Active Directory source or both users or agents. When Auto Sync is enabled this will be set to run at 1am UTC by default.