Users use their credentials to activate inSync client and log on to inSync Web. When you create a profile, you can choose to authenticate users by using their Active Directory (AD) credentials or their inSync credentials. If you choose to use inSync credentials, users must type the password that inSync assigns for their user account. If you choose to use Active Directory credentials, users must type their AD user ID and password for authentication. Authenticating users through an AD helps reduce the time and effort that you require to manage user accounts.
Dos and Don’ts for configuring the authentication method for users
|You can change the authentication method for users from inSync Password to Active Directory.||Do not change the authentication method for users from Active Directory to inSync Password. The user authentication fails and you have to reset the password for all the users of that profile.|
|For integrated mass deployment, you must configure Active Directory for user authentication. Integrated mass deployment only works if your organization uses AD for user authentication.||If you are using the integrated mass deployment process, do not change the authentication method for users from Active Directory to inSync Password. Authentication fails because during inSync client activation, inSync Master does not find their details in your AD.|
|You can use inSync Password authentication for users that you are importing from your AD. In this scenario, do not use the integrated mass deployment process to deploy inSync clients.||Do not use Active Directory authentication for users created on inSync Master. Authentication fails because during inSync client activation, inSync Master does not find their details in your AD.|
Note: If you are using Active Directory (AD) for login, then inSync Client users can log in to inSync Client and Web, only when the connection to inSync Master is secured using a Signed SSL/TLS Certificate.
To enable user authentication using an AD for an existing profile
- On the inSync Master Management Console menu bar, click Profiles.
- Select the profile for which you want to change the authentication method.
- Click the Backup Policies tab.
- In the Retention and Access Policies area, click Edit. The Edit Profile window appears.
- Under Access Policies, in the Login using list, click Active Directory.
- In the Active directory host IP / FQDN box, type the IP/FQDN of the server on which your AD is installed.
- In the Active directory port box, type the port to access your AD. The port number for a domain controller is 636 for a secure connection and 389 for a non-secure connection. The port number for a global catalog server is 3289 for a secure connection and 3268 for a non-secure connection.
- If you want to access your AD on a secure connection, select the Use secure connection check box.
- Click Save.