Connect to an Active Directory server for QM and Analytics

You can use a connection to an Active Directory (AD) server in your environment for user authentication, sync, or both.

To unlink synced users, go to Unlink synced users.

Page location

Application Management > Global > System Configuration > Active Directory Configuration

Prerequisites

  • At least one configured AD domain exists.
  • Each AD domain has at least one configured user path.
  • The Workforce Optimization server is in the same domain as the user.

Procedures

Configure Active Directory

NOTE   For more information about any of the fields on this page, go to About Active Directory configuration for QM and Analytics in the Workforce Optimization User Guide.

  1. Select Create New Active Directory Configuration.
  2. Enter the Domain Name, Host Name, Port, User Name, and Password in the Active Directory Authentication section.

  3. (Optional) Select the Use SSL check box, and then import the certificate.
  4. (Sync only) Enter the Root DN, Organizational Units, and Synchronization Interval (Minutes) in the Active Directory Sync section.
  5. (Sync only) Select the property to match the AD user with the Workforce Optimization user from the User Profile Matching Property drop-down list.

    NOTE   After the AD sync is set up, the matching property allows you to verify that the sync is working and unlink users. Select Default to link users by Windows login.

  6. Click Test Connection to ensure that your AD connection is configured correctly.
  7. Click Save.
  8. (Sync only) Navigate to Application Management > Global > System Configuration > Data Server Configuration.
  9. (Sync only) Select the data server for AD sync from the Select Data Server Configuration drop-down list.
  10. (Sync only) In the Active Directory Sync section, select the Enable Active Directory Sync check box, and then move the AD server from Available to Assigned.
  11. (Sync only) Click Save.

Verify that AD sync is working

You can verify the AD sync after the synchronization interval has passed.

  1. Navigate to Application Management > Global > User Configuration > Users.
  2. Select a user who has the same identity as an AD user, based on the matching property that you selected in step 6 above. If the Unlink Agent section (below) appears on the screen, AD sync is working.

Unlink synced users

When a Workforce Optimization user and an AD user are unlinked, the following happens:

  • Changes to properties in the AD do not transfer to Workforce Optimization.
  • The user’s Windows login can be edited.
  • Workforce Optimization retains the Recording user profile and all the values stored in it.
  1. In Workforce Optimization, navigate to Application Management > Global > User Configuration > Users.
  2. If necessary, select the Edit an existing user radio button.
  3. Select the user to unlink from the Select User drop-down list.
  4. Click Unlink Agent from Active Directory Profile (in the Unlink Agent section). A warning message appears.
  5. Click Yes.
  6. Change the matching property field so that the Workforce Optimization user no longer has the same identity as the AD user.

    The following table describes how to change the Workforce Optimization user, depending on which matching property you selected when you linked the users.

    Matching Property Change

    First Name / Last Name

    Change the value in the First Name or Last Name field.

    Employee ID

    Change or delete the value in the Employee ID field.

    Default

    Change or delete the value in the Windows Login field.

    User Name

    Change the value in the User Name field.

  7. Click Save.
  8. (Optional) To permanently unlink users, change the equivalent properties in the AD. If you do not change the AD information, the Workforce Optimization user might be matched with the AD user again the next time the sync runs.

Related topics