Visual Paradigm Teamwork Server Active Directory Authentication (Group)
Teamwork Server supports two ways of authentication - built-in authentication and directory server authentication. While the built-in authentication allows you to easily set up and manage member accounts completely inside Teamwork Server, active server authentication allows users to login to Teamwork Server and VP Server with credentials stored in and managed by a directory server.
In order for directory server authentication to work, administrator has to install a utility called DS Connector, and have it configured to connect both VP Server and the directory server. DS Connector acts as bridge between VP Server and directory server. It's capable to synchronize user listing from directory server to VP Server, and to manage the authentication from Visual Paradigm to directory server, through VP Server.
In this page, you will learn how to work with Active Directory authentication from creating user groups in Active Directory to installing and configuring DS Connector. If you are interested in working with user instead of user group, please read Visual Paradigm Teamwork Server Active Directory Authentication (Groups). If you are interested in LDAP Authentication, please read Visual Paradigm Teamwork Server LDAP Authentication (Groups).
There are series of steps you need to take in order to make Active Directory authentication works. Please read through all the steps below without skipping any of them, even if you are familiar with Active Directory.
Step 1 - Creating organization unit, user and group in Active Directory
- Start the Server Manager in Windows Server.
- Click on Tools at top right and select Active Directory Administrative Center from the popup menu.
Open Active Directory Administrative Center
- Select your domain from the list on the left hand side.
- Create an Organizational Unit to house your corporate users. On the right navigation pane under Task > <domain name> click on New and then select Organizational Unit.
Create Organizational Unit
- Organizational unit is like a company. Enter the mandatory details and click OK.
Filling in the Organizational Unit screen
- This will immediately create the Organizational Unit in the designated location. Double click on your newly created Organizational Unit.
Double click on an Organizational Unit to edit it
- On the right navigation pane, click on New, and then select User from the popup menu.
- Enter the mandatory details such as user’s name.
Filling in the User screen
- Enter the password for the user.
- Change the Password options to Other password options. If you don't do this, you won't be able to login with this user account from Visual Paradigm products.
Change Password Option to 'Other password options'
- Click OK. Repeat step 7 to step 10 to create all users in Active Directory.
- On the right navigation pane, click on New, and then select Group from the popup menu.
- Enter the mandatory fields such as group name.
Filling in the Group screen
- Scroll down to the Members section. You can add users into the group in the Members section.
- Click Add....
Adding member into a group
- Enter the account name of the user you want to add into the group. Click OK.
Enter user's account name
- Click OK in the Create Group screen to confirm group creation.
Step 2 - Downloading DS Connector from VP Server
DS Connector acts as a bridge between VP Server and directory server. In this section you will see how to download DS Connector from VP Server.
- Open a web browser.
- Visit the Teamwork Server URL and login as administrator. Note that the login ID of the default server administrator is Admin.
- Select System Tools from the menu on the left hand side.
- Open the tab Single Sign-On.
- Click on Configure under the section Directory Service Connector.
To configure directory service connector
- Choose the operating system for the machine where Active Directory is installed.
Choosing the right operating system
- Click Download. Keep the dialog box opened as you will need to copy the key presented in the dialog box when you configure DS Connector in the next section.
Step 3 - Installing and configuring DS Connector
In this section you will install DS Connector, and configure it to make it connect to both VP Server and Active Directory.
- Copy the downloaded zip file to the machine where Active Directory is installed.
- Extract the zip file to a folder.
DS Connector (zip) extracted
- Open an elevated command prompt.
For Windows Server 2008 users, click the Start button, type cmd, and then right-click Command Prompt and select Run as administrator from the popup menu.
For Windows Server 2012 users, search cmd in the Apps screen, and then right-click Command Prompt and select Run as administrator at the bottom of the screen.
Run elevated command prompt
- Navigate to DS_Connector_12.1\service where DS_Connector_12.1 is the name of the folder extracted.
- Type the following command to install DS Connector as service:
Installing DS Connector as system service
- Run DS_Connector_12.1\DSConnectorUI.exe. Please run it as administrator to avoid any potential issues caused by insufficient write permission.
- When you run DS Connector the first time, you are prompted to configure the connection to VPository/Teamwork Server. In the Configure Server window, click Other and then select VP Server from the popup menu.
To configure connection to VP Server
- Enter the host name and port of VP Server.
- Enter the key, which is the code you saw in the end of the previous section. If you have accidentally closed that dialog box, or if the key has expired, don't worry, just click Configure again (step 5 of the previous section) to obtain another key.
Entering key for server configuration
- Click Connect. If succeed, you should see the message Server configuration succeed.
- DS Connector is now connected to VP Server. Now, you need to configure the connection to Active Directory. On the left hand side of the DS Connector Console, click Add Directory Server.
To add a directory server
- Select Active Directory as Directory Server.
Selecting Active Directory
- Enter a name for this configuration.
- Enter the host name and port of the Active Directory. As we suggested you to install DS Connector on the machine where Active Directory is installed, your host name is pretty likely to be localhost or 127.0.0.1. Regarding the port, while the default port of Active Directory is 389, you may need to confirm it with your administrator in case it has been changed.
- Enter Bind DN or User. You can check the required value from the Account details page of the administrator user. The value of User SamAccountName is the value you need to enter now.
Obtaining the Bind DN or user
- Enter the password for logging into Active Directory.
Configuring Active Directory connection
- Click Test Connection. If succeed, you should see the message Test connection succeed.
- Click Save in the Configure Directory Server window.
- The newly configured directory server is listed on the left hand side of the DS Connector Console. If necessary you can add more directory servers by repeating from step 11 until this step.
Directory server added
Step 4 - Synchronizing users to VP Server
In this section you will add users into DS Connector Console to let it synchronize the users to VP Server. When you finished this section, the chosen users can login Teamwork Server from Visual Paradigm, using the login details managed by Active Directory.
- Select the directory server in DS Connector Console.
Selecting a directory server
- On the right hand side, click Add.
- In the Add users/group window, select the user groups to be made available on Teamwork Server. The users in selected groups will become members of Teamwork server, and will have access to Visual Paradigm projects.
Select user groups to add to DS Connector Console
- Click Add.
- That's it. You can see the selected user groups listed on the right hand side of the DS Connector Console.
Users added to DS Connector Console
The user groups, along with the users will be synchronized to VP Server shortly (~1 minute). Once the synchronization has been completed, you will see the user groups available in the Members > Groups page of VP Server, like this:
User group synchronized to VP Server
Users synchronized from Active Directory
To login Teamwork Server from Visual Paradigm, please enter the Email(Login ID) as shown in the image above as Email, and the password stored in Active Directory as Password.
Login from Visual Paradigm
Union of permissions among user groups
It is legit and technically possible to have a user placed in mutliple user groups. For example, Mary is both a product manager and tester, and therefore belong to two different user groups for the two distinct roles. Because different level of permissions can be set to different groups, Teamwork Server takes the union of all and apply the result to the user. The following table shows you how it works. Let's say all the users in the table are members of group X, Y and Z. The "A" permission they enjoy is a union of the "A" permission specified in group X, Y and Z.
|Example of the union of permissions among user groups|
While permissions can be specified for user groups, it is also possible to specify permissions for every user, no matter he/she is inside a group or not. Permissions specified for user has a higher priority than thay specified for the user group(s) the user belong to. The following table shows you the idea. If you want to know how to specify permission for user, please read the page Visual Paradigm Teamwork Server Active Directory Authentication.
|Example of the permission overriding
The following resources may help you learn more about the topic discussed in this page.
- Visual Paradigm on YouTube
- Visual Paradigm Know-How - How to migrate Teamwork Server from Built-in Authentication to Active Directory Authentication
- Contact us if you need any help or have any suggestion
|7. Managing groups (LDAP)||Table of Contents||9. Managing projects|