We have a client using both Sales & Service 9 who would like to begin using Active Directory to sign into SuperOffice. They would like to test first for 1 user to make sure everything is set up correctly before setting this up company-wide.
The checklist set up by SuperOffice is as follows:
- Web server is enlisted in Active Directory
- The hostname used for accessing is registered in DNS (not hosts file)
- Remote NetServer (where Web and NetServer are on different servers) is not supported due to Kerberos double-hop issues
- Users are configured with Active Directory authentication in SuperOffice
- The IIS site where SuperOffice is located is configured to use Windows Authentication
- Customer Service & Pocket CRM must use a separate NetServer site where Windows Authentication is turned off. It can point to the same physical path as NetServer for Sales but with its own IIS Application with Windows auth turned off.
- You should now be able to test with your browser to see if SSO works for users.
- To enable SSO with Mail Link and TrayApp, you will need to change the protocolMapping to use WindowsAuth in the web.config file.
symmetricKey and symmetricSecret values are the same between SuperOffice Web and Customer Service config files
Add the following to the web.config file:
<add key="ImpersonateCsUser" value="True" />
<add key="CsUserName" value="" />
<add key="CsPassword" value="" />
<add key="CsDomain" value="" />
My question is: after these changes are made, can a mix of both SuperOffice & Active Directory logins exist together? Or, once the process begins, must the change to an Active Directory login be made for everyone at the same time? Will making these changes cause any type of detrimental effects for uses who are still allowing SuperOffice to be responsible for the username and password?