Configure Self Registration via Active Directory Authentication

Learn how to set up the Active Directory self-registration step by step with this guide.

Account administrators can use Active Directory self-registration to automatically authenticate and add customers to their account (see for more information about self-registration). Setting up Active Directory registration and authentication allows Active Directory users to be automatically registered as customers when they log in from a Company's internal network (by accessing the authentication web site that was created using the instructions below).

See Configure Customer Portal Settings for more information about setting up the Customer Portal.

Note: When new customers are created in this way, Service Desk auto-populates the following contact information taken from the customer's Active Directory account: name, email address, phone number(s), job title and department. These fields are completely customizable within Default.aspx.cs under the GenerateRedirectParams. Any additional parameters must match a Service Desk equivalent or they will be ignored. The only required fields are First Name, Last Name and Email.

Active Directory Registration System Requirements

To configure Active Directory authentication, the following are required on the server the agent is using:

Microsoft Internet Information Services (IIS) 7 or newer with Windows Authentication enabled
ASP.NET 4.0 or newer
.NET Framework 4.0 or newer
Access to Active Directory

Setting up Active Directory Self Registration

Agents can use the following steps to set up Active Directory registration and authentication for their Customer Portal.

Note:

This feature is available to account administrators only.

First enable "Allow customer self registration" and "Anyone can register" for the services you want to include, then enable the "Allow AD Registration & Authentication" option. Additionally, admins can save their Active Directory login URL for so it can be easily viewed (e.g., http://myhost.local:8080).

Note: The "Secret Token" that appears below the check box will be needed in Step #2(b).
Download and modify the XML Configuration File as follows:
1. Download the sample authentication website here, then unzip and save the file (it is recommended that it be saved under C:\inetpub\wwwroot).
2. Open the Web.config file with any text editor (e.g., Microsoft Notepad) and modify the following values:
  - ADHost - Enter the host name of your Active Directory server.
    Note: < add key="ADHost" value="ENTER VALUE]" / >
  - ADContext - Enter the context you are connecting to (e.g., CN=Users, DC=domain, DC=com).
    Note: < add key="ADContext" value="[ENTER VALUE]" / >
  - ADUsername - Enter the user that has permission to perform Active Directory lookup (e.g., DOMAIN\username).
    Note: < add key="ADUsername" value="[ENTER VALUE]" / >
  - ADPassword - Enter the password of the user entered above.
    Note: < add key="ADPassword" value="[ENTER VALUE]" / >
  - AssistUrl - Change "[youraccount]" in the following URL to your specific Customer Portal subdomain (which can be viewed under Configure > Customer Emails > Portals > Portal Settings): "https://[youraccount].assist.com/portal/session/remote" (be sure to leave the rest of the URL intact).
    Note: < add key="AssistUrl" value="https://[YOURACCOUNT].assist.com/portal/session/remote/" / >
  - SecretToken - Enter the Secret Token from Step #1 (view under Configure > Customer Emails & Portals > Self Registration).
    Note: < add key="SecretToken" value="[ENTER VALUE]" / >
  - AdConnectionString - Enter the Lightweight Directory Access Protocol (LDAP) connection string for the initial Active Directory authentication.
    Note: < add name="ADConnectionString" connectionString="ldap://domain.com/CN=Users,DC=domain,DC=com"/ >
  - ADMembershipProvider - Under "connectionUsername" and "connectionPassword," enter the same values entered for ADUsername and ADPassword above.
    Note: connectionUsername="[ENTER VALUE]"connectionPassword="[ENTER VALUE]"
3. Save and close the web.config file.
Create an authentication website that redirects customers to the Customer Portal as follows:
1. Open Internet Information Services (IIS) Manager (Control Panel > Administrative Tools).
2. Click Sites in the left navigation, then click Add Website in the right-navigation.
3. In the Add Website window, modify the following fields:
  - Site Name - Enter a name for the new authentication website.
  - Application pool - Set to "ASP.NET v4.0" by clicking Select > ASP.NET v4.0 > OK.
  - Physical Path - Click the Browse button and select the folder where the unzipped folder from Step #2(a) was saved.
4. Make any desired changes under "Binding," then click OK.
5. Double-click the new site to open the settings, then click Authentication.
6. Ensure that "Windows Authentication" is the only item set to "Enabled," and that the rest are "Disabled" (right-click each item to enable/disable it).
7. Click the new website in the left navigation.
8. In the right navigation, click the Restart link. Then click the Browse [hostname] on *:[port][type] link to ensure that the new website redirects customers to the Customer Portal, as desired.
  
  Note: If the Restart link is disabled, try stopping the Default Website and then starting the new website. This may occur if you did not enter a valid hostname in Step #3(d).