SuperOffice uses a plugin-based, open-ended authentication system. By default we deliver an Active Directory authentication plugin and the SuperOffice authentication type. To be able to change and add users you need the functionall right General administrator or User administrator.
Active Directory authentication
SuperOffice integrates well with existing Active Directory infrastructure allowing users to easily log in using their existing domain credentials. This is a user-friendly and secure way to integrate SuperOffice into your environment and it does not impose new credentials for your users to remember. Another advantage is that the existing password policy is enforced making sure that users have strong passwords
From SuperOffice 8.1 all user authentication is done by the Web client. In earlier versions both Web and Service had their own login making AD authentication a bit more difficult than from 8.1.
If you have users from different domains, then make sure that the domain you want to add users from is set up in the SuperOffice Web configurator when you add users.
Please note, our recommended installation scenario #2 is to use Reverse Proxy in the DMZ. To get the Single Sign-on experience where the user does not get the login dialog at all, it would require that the Active Directory is exposed to the DMZ. This is NOT a recommende scenario and we strongly adwize against that.
How to setup AD autentication
You need to enable and setup AD authentication in Netserver:
- Open the Product configuration application.
- Click on the AD integration section.
- Tick the Enable AD Authentication checkbox
- Fill in the correct AD Domain, Username, Password and Container. Container is the root node in AD from where the lookup procedure will start looking for AD users when linking them to SuperOffice users.
- Click on the Validate button to confirm that your AD user can authenticate.
SuperOffice NetServer server is not in your Active Directory domain
The Settings and Maintenance (Administration) module in SuperOffice 8 is entirely Web based, which means that the module totally relies on the NetServer. To find and import Active Directory users your SuperOffice NetServer server has to be in the Active Directory domain.
SuperOffice user and Active Directory link has been lost or corrupted in the database
SuperOffice CRM uses SID (security identifier) value to link an Active Directory identity to SuperOffice user. If for some reason SID has been changed, user won't be able to login and you won't find it in the AD user list. We recommend to follow the steps below to troubleshoot this situation:
- Make sure that the user object in Active Directory was populated with First Name, Last Name and Display Name attributes.
- Checked that the Security pane on the user object have "Allow inheritance" ticked on - on the actual object and all the corresponding OU's.
Note! These are prerequisites for Active Directory authentication to work.
- Open user object and take a note of SID of the user in question.
- In SuperOffice database look up the associate_id in the ASSOCIATE table
- In CREDENTIALS table, make a search for the SID or check which SID associate has.
- If it is different, delete the row of this user in CREDENTIALS table and re-link the user in SuperOffice administration client.