This guide explains how to install and configure the Active Directory Authentication app in Deskpro. It covers setup for both Users and Agents, how to enable Auto Sync, and best practices to avoid license issues.

The Active Directory Authentication app enables you to log in Deskpro as Users and Agents using their existing Active Directory credentials.

Prerequisites / Requirements

Before setting up Active Directory Authentication, ensure you have:

Admin access to Deskpro.
An accessible Active Directory server (not blocked by firewall).
Service account credentials with permission to query Active Directory.
User records in your Active Directory must contain an email address for authentication to work.
Email address and password stored in Active Directory user records (required for authentication).
Sufficient Agent licenses if enabling Auto Sync for agents.

Creating agents from AD

By default, when you install Active Directory Authentication for agents, Deskpro allows existing agents to log in using their Active Directory credentials. Agents are matched by their email address.

You have additional options to control how Deskpro creates and updates accounts:

Auto Agent: Automatically creates a Deskpro agent account if one does not already exist. Otherwise, you must manually create a Deskpro account with the same email address before the agent can log in.
Auto Sync: Ensures that Deskpro accounts are created and regularly updated with the latest information from Active Directory. This process is one-way: from Active Directory to Deskpro. If you need to update account information, you should do it in Active Directory.

When enabled, Auto Sync will:

Create accounts from Active Directory records under the specified Base DN.
Keep Deskpro account details in sync with Active Directory.
Run automatically every day at 1 AM UTC.
Allow manual syncing at any time if required.

Warning

If Auto Sync is used for agents, ensure that your Active Directory does not contain more accounts than your available Deskpro agent licenses. Use filters to sync only the records you need. If you end up creating too many agents, it can prevent your helpdesk from working.

Installing AD

To set up Active Directory Authentication for users, go to Admin > CRM > Auth & SSO; to install it for agents, go to Admin > Agents > Auth & SSO. If you want to use Active Directory for both users and agents, you should install it in both places.

Click Active Directory Authentication, then select Add.
Enter the following details:
- Host: Active Directory server name.
- Port: Default is 389 (no encryption or TLS). Use 636 for SSL, or 3268 for Global Catalog.
- Base DN: The Distinguished Name (DN) where Deskpro should search for users/agents.
- Service Account Username & Password: Credentials for a service account with query permissions.
- Domain Name: Fully-qualified domain name.
- Optionally, enter a short NetBIOS style domain name in Short Domain Name.
- Enable the Disable SSL certificate validation option, if you use a self-signed certificate for your AD.
Adjust advanced settings if needed:
- Disable LDAP Paging: In most cases, you would not use this. If paging is not enabled or working on your AD server, you may find that you get 0 records when you try to sync, even when there are user objects under the Base DN. In that case, try disabling paging.
- LDAP Size Limit: Default 1000; adjust if your AD has a lower limit.
Click Test Settings and enter the credentials of a valid Active Directory user that is under the Base DN
If test is successful, click Add to install the application

Warning

If installing for agents, ensure you choose the correct Base DN. Do not create more agent accounts than your license allows.

After setup

Once your AD application is installed, don't forget to enable it by toggling the switch at the top left corner of the app.

You may also want to enable Auto Sync, add a Filter Filtering a Usersource to limit the access further, or add Login Actions Login Actions to add your users to usergroups automatically.

Auto Sync

If Auto Sync is enabled, you can also specify a time that you would like Deskpro to automatically sync with your Active Directory source or both users or agents. When Auto Sync is enabled this will be set to run at 1am UTC by default.

Troubleshooting & FAQs

No records are syncing from Active Directory?
- Confirm that the Base DN is correct.
- If your AD server does not support paging, disable LDAP Paging in the app settings.
- Click Test Settings and enter a valid user’s credentials to check if the connection is working and to see any error messages returned.
- Ensure your Deskpro server can reach the AD server (not blocked by firewall).
- If still unresolved, raise a ticket with Deskpro Support and provide the error details.
Agents can’t log in with their Active Directory credentials?
Ensure their Deskpro account email matches the email stored in Active Directory. If Auto Agent is enabled, confirm that you have enough agent licenses available.
Why aren’t Deskpro accounts updating after changes in AD even when auto-sync is enabled?
Deskpro will pull the changes during the next scheduled sync (1 AM UTC) or when you run a manual sync.
Do changes made in Deskpro sync back to Active Directory?
No. Auto Sync is a one-way process: from Active Directory → Deskpro. If you delete or update an account in Deskpro, the change will not be reflected in Active Directory.
What happens if Auto Sync creates more agents than my license allows?
Your helpdesk may stop functioning. Use the Filter option to limit which records are synced, or disable Auto Sync temporarily to regain access.
Can I sync both Users and Agents from Active Directory?
Yes, but you must install the Active Directory Authentication app separately under Admin > CRM > Auth & SSO (for Users) and Admin > Agents > Auth & SSO (for Agents).

Uporabno Neuporabno

0 od skupaj 1 oseb je ocenilo to stran kot uporabno.

naslednja stranMicrosoft Entra (Azure AD) SAML Setup Prejšnja stranAgent and User Authentication

Pred objavo komentarja se moraš prijaviti.