Intro to Active Directory Connector v1.5
The ADC manages user and product provisioning for GoToMeeting, GoToWebinar, GoToTraining and OpenVoice user accounts in organizations using Active Directory. The ADC queries Active Directory groups and users and connects with the GoTo Admin Center to match or create accounts for new and existing users, update accounts for changed user records, or remove accounts for departing users. For companies with organizations set up, all new users are added to one of your validated company email domains. The ADC allows your IT department to define and maintain provisioning policies for GoTo products and apply them automatically and consistently.
Active Directory Groups
Formerly, the ADC only accessed users in the groups assigned through the ADC; users in nested subgroups within an assigned group were ignored. The ADC now accesses all users in an assigned group and all users in the nested subgroups within the group.
The ADC does not address authentication or authorization of users except to ensure they have (or do not have) a viable GoTo account. Users will still need to sign-on to the account with their user credentials within their Windows environment. Other products – GoToAssist, GoToMyPC, and Podio – use different protocols for provisioning. Do a web search for the product name and “provisioning” or “user management” to locate the provisioning solutions for each.
Implementation of the Active Directory Connector consists of installing the ADC, connecting the ADC to specific Active Directory groups, matching existing product account holders with Active Directory users, and running the ADC to provision users with product access. This process queries the Active Directory groups and your corporate account. All identified users from both sources are displayed in a User page.
Most customers have an existing account with a set of current users. The ADC User page provides a procedure administrators can follow to manage the different user groups for their organization. The procedure addresses and clears the simplest (and usually the largest number of) cases first, resulting in a refined list of user cases that need additional attention. The process to provision for the first time, or for newly added Active Directory groups, is:
Start the ADC - This queries the linked Active Directory groups and your GoTo account and displays all the users in the ADC Users page. You can now work with your users in three basic steps.
1. Recognize existing account holders to avoid reprovisioning. To do this, use Automatic matching to link Active Directory users to existing accounts where the emails are identical. Then manually match accounts where the same user has different credentials for the two accounts. (Alternately, you can delete the user's non-matching account and reprovision the user under their Active Directory credentials.)
2. Provision all new Active Directory users. This clears the Active Directory queue (unmatched AD users) of all but users with incorrect Active Directory data. Fix the data and these users will be provisioned automatically the next time you start the ADC.
3. Finally, review and correct as needed users with accounts and no Active Directory account. These may be Unix or Mac users, contractors, or other special cases. Create equivalent Active Directory accounts if you want to ensure all account management can be done by managing your Active Directory groups.
Users provisioned through the ADC receive an enrollment email. The email directs them to login, where they will change their password, and then have access to an account. They can login on their Windows desktop, through a browser, or on a mobile device. They can also access their accounts through extensions for applications such as Outlook, Salesforce and Google Calendar.
For small changes of one to several users, the provisioning or deprovisioning can occur in a matter of minutes. If you are provisioning hundreds or thousands of users, a general rule of thumb for a average system is 1000 provisioning requests per hour.
Any changes to users in the provisioned Active Directory groups or users is reflected in the ADC and passed to the Admin Center. Provisioning is fully automated and your users have full access to GoTo business tools.
Under normal operations, the ADC polls the Active Directory at the interval you set.
Alternate Provisioning Solution
With some additional implementation, an organization can provision and deprovision users more directly and with greater precision. The GoTo developer portal includes the Administration APIs. These APIs let you create a standalone application to provision your users, and offers greater control over the process. You can specify account attributes by product and by user, setting such options as whether the user’s webcam is enabled, whether toll or VoIP access is available, and how the user’s chat will work during online sessions.
A Powershell code sample is available on the developer site for .NET. This sample can be reused in compatible .NET environments to provision users for GoToMeeting, GoToTraining, GoToWebinar, and OpenVoice.
Query User Attributes from Active Directory
A standard set of user attributes are required from the Active Directory to validate the user for provisioning. You can query additional user attributes from Active Directory to support requirements such as invoicing departments, users, etc.
You may also want to configure error and daily status logs.