Users use their credentials to activate inSync Client and log on to inSync Web. When you create a profile, you can choose to authenticate users by using their Active Directory (AD) or LDAP credentials or their inSync credentials. If you choose to use inSync credentials, users must type the password that inSync assigns for their user account. If you choose to use AD/LDAP credentials, users must type their AD/LDAP user ID and password for authentication. Authenticating users through an AD/LDAP helps reduce the time and effort that you require to manage user accounts.
Dos and Don’ts for configuring the authentication method for users
- You can change the authentication method for users from inSync Password to AD/LDAP Account.
- For integrated mass deployment, you must configure your AD for user authentication. Integrated mass deployment only works if your organization uses AD for user authentication.
- Do not change the authentication method for users from AD/LDAP Account to inSync Password. The user authentication fails and you have to reset the password for all the users of that profile.
- Do not use AD/LDAP authentication for users created on inSync Master. Authentication fails because during inSync Client activation, inSync Master does not find their details in your AD/LDAP.
To enable user authentication using an AD/LDAP for an existing profile
- On the inSync Management Console menu bar, click Profiles.
- Select the profile for which you want to change the authentication method.
- Click the General tab click Edit. The Edit Profile window appears.
- Under User Privacy & Access Policies, in the Login using list, click AD/LDAP Account.
- From the Select AD/LDAP Server list, select the host IP / FQDN of the server on which your AD/LDAP is installed.
- Click Save.