Active Directory Authentication with Windows Authentication

A feature that will allow clients to have some control over user access to CentralPark from Active Directory has been added. 

The concept is that domain administrators can create a group in Active Directory and set domain users as members of this group. When using CentralPark, with Windows Authentication, users can additionally be validated against this group. If the user exists in CentralPark but does not exist in the Active Directory group they will not be allowed access to the application. This assists domain administrators in controlling users access to CentralPark without having to access CentralPark. 

To use the feature the administrator should:

• Create a group in Active Directory
• Add the required users as members of the group
• Confirm that CentralPark is using Windows Authentication
• Access CentralPark and navigate to Setup -> Options
• At the bottom of the page is an Active Directory Settings section (Shown below)

• Set the value for the LDAP server and Allowed User Groups. 
• Only 1 server name can be specified
• Multiple user groups can be specified and must be separated by a ; 
• Test the settings and confirm that a success message is received.
•  If there is a failure message the values will not be allowed to be saved since that could prevent ALL users from accessing the system, including admins.
• Save the settings.

Now, when users access CentralPark they will first be validated in CentralPark. If they exist in CentralPark they will be validated against the list of groups in the Allowed User Groups field and if they exist in one of those groups they will be allowed access to CentralPark.