April 13, 2011

Active Directory Integration Tips

Surround SCM
Helix ALM
Helix ALM
Active Directory integration allows you to streamline the management of users by allowing users to use their domain credentials to log in to Seapine ALM and passing the management of credentials to Active Directory. The integration is configured using the Seapine License Server Admin Utility. New users are retrieved from the Active Directory server and existing users are associated with their Active Directory counterpart. Through the years working as a consultant, I have developed a set of common best practices that I'd like to share: Consider Multiple Connections Depending on the structure of your Active Directory tree, you may want to consider creating multiple connections. If the only way to query all the users is to point your connection to the root of the tree, you may want to consider creating a connection for each leaf. If your connection is pointing to the root of the tree, it will waste too much time querying leafs that contain printers, computers, and other resources that you don't need. Use a Mixed Mode Approach You can set up the integration where you require all users have to come from Active Directory or you can set it up where you can have both Active Directory users and users that only exist within the "seapine" domain. I recommend the latter for a couple of reasons. The first is that if your Active Directory server goes down, or there is an error in the communication chain, no one will be able to log in. Having an admin account that is not tied to AD will allow you to log in to the Seapine License Server and and troubleshoot the connection and take action. The second reason is that you might need accounts that are not in Active Directory. An example could be a user that will be used exclusively by a program. In this case, there is no need to create the user in Active Directory first. You Are Still In Control Even after you configure the integration with Active Directory, users will not automatically be retrieved into the Seapine License Server. You still control which users are imported into the license server, and which users are retrieved into each application. Don't Transition Everyone At Once If you already have been using Seapine ALM and are considering integrating with Active Directory, you can start by only associating a few users. This will allow you to test drive it before it is deployed to everyone. More Questions? If you have any questions, the best place to start is the Seapine License Server Admin user guide. The guide contains step-by-step instructions on how to configure the integration. If you run into issues, you may also want to check our knowledgebase or contact Seapine support for help.