Configure Self Registration via Active Directory Authentication
Account administrators can use Active Directory self-registration to automatically authenticate and add customers to their account (see for more information about self-registration). Setting up Active Directory registration and authentication allows Active Directory users to be automatically registered as customers when they log in from a Company's internal network (by accessing the authentication web site that was created using the instructions below). See Configure Customer Portal Settings for more information about setting up the Customer Portal.
Note: When new customers are created in this way, Service Desk auto-populates the following contact information taken from the customer's Active Directory account: name, email address, phone number(s), job title and department. These fields are completely customizable within Default.aspx.cs under the GenerateRedirectParams. Any additional parameters must match a Service Desk equivalent or they will be ignored. The only required fields are First Name, Last Name and Email.
Topics in this article:
To configure Active Directory authentication, the following are required on the server the technician is using:
- Microsoft Internet Information Services (IIS) 7 or newer with Windows Authentication enabled
- ASP.NET 4.0 or newer
- .NET Framework 4.0 or newer
- Access to Active Directory
Agents can use the following steps to set up Active Directory registration and authentication for their Customer Portal.
Note: This feature is available to account administrators only.
1. First enable "Allow customer self registration" and "Anyone can register" for the services you want to include, then enable the "Allow AD Registration & Authentication" option. Additionally, admins can save their Active Directory login URL for so it can be easily viewed (e.g., http://myhost.local:8080).
Note: The "Secret Token" that appears below the check box will be needed in Step #2(b).
2. Download and modify the XML Configuration File as follows:
a. Download the sample authentication website here, then unzip and save the file (it is recommended that it be saved under C:\inetpub\wwwroot).
b. Open the Web.config file with any text editor (e.g., Microsoft Notepad) and modify the following values:
ADHost- Enter the host name of your Active Directory server.
<add key="ADHost" value="ENTER VALUE]" />
ADContext- Enter the context you are connecting to (e.g., CN=Users, DC=domain, DC=com).
<add key="ADContext" value="[ENTER VALUE]" />
ADUsername- Enter the user that has permission to perform Active Directory lookup (e.g., DOMAIN\username).
<add key="ADUsername" value="[ENTER VALUE]" />
ADPassword- Enter the password of the user entered above.
<add key="ADPassword" value="[ENTER VALUE]" />
AssistUrl- Change "[youraccount]" in the following URL to your specific Customer Portal subdomain (which can be viewed under Configure > Customer Emails > Portals > Portal Settings): "https://[youraccount].assist.com/portal/session/remote" (be sure to leave the rest of the URL intact).
<add key="AssistUrl" value="https://[YOURACCOUNT].assist.com/portal/session/remote/" />
SecretToken- Enter the Secret Token from Step #1 (view under Configure > Customer Emails & Portals > Self Registration).
<add key="SecretToken" value="[ENTER VALUE]" />
AdConnectionString- Enter the Lightweight Directory Access Protocol (LDAP) connection string for the initial Active Directory authentication.
<add name="ADConnectionString" connectionString="ldap://domain.com/CN=Users,DC=domain,DC=com"/>
ADMembershipProvider- Under "
connectionUsername" and "
connectionPassword," enter the same values entered for ADUsername and ADPassword above.
c. Save and close the web.config file.
3. Create an authentication website that redirects customers to the Customer Portal as follows:
a. Open Internet Information Services (IIS) Manager (Control Panel > Administrative Tools).
b. Click Sites in the left navigation, then click Add Website in the right-navigation.
c. In the Add Website window, modify the following fields:
- Site Name - Enter a name for the new authentication website.
- Application pool - Set to "ASP.NET v4.0" by clicking Select > ASP.NET v4.0 > OK.
- Physical Path - Click the Browse button and select the folder where the unzipped folder from Step #2(a) was saved.
e. Double-click the new site to open the settings, then click Authentication.
f. Ensure that "Windows Authentication" is the only item set to "Enabled," and that the rest are "Disabled" (right-click each item to enable/disable it).
g. Click the new website in the left navigation.
h. In the right navigation, click the Restart link. Then click the Browse [hostname] on *:[port][type] link to ensure that the new website redirects customers to the Customer Portal, as desired.
Note: If the Restart link is disabled, try stopping the Default Website and then starting the new website. This may occur if you did not enter a valid hostname in Step #3(d).