Active Directory is only available when hosting MeetingBooster locally.Instead of manually adding, editing and deleting users, you can manage your users automatically by synchronizing MeetingBooster with your organization's Active Directory server. Using Active Directory to control who should have access to MeetingBooster means that you will only have to add, edit and delete users in one place (Active Directory) instead of having to manually replicate the same user roster changes across several separate systems. It also makes it easier to integrate MeetingBooster in the organization's security set-up.
Active Directory is only available when hosting MeetingBooster locally.
Your
Active Directory server must have a security group called MeetingBooster.
All users who should be able to access MeetingBooster must be members
of the MeetingBooster security
group in Active Directory. (If you use Active Directory to assign security
roles for user hierarchies, you may need more than one security group;
see below).
Users
must log onto MeetingBooster using their existing domain user names and
passwords as specified in Active Directory.
Click Settings
and select Admin.
Click
Active Directory in the menu.
This menu option
is only available when hosting MeetingBooster locally.
Enter
your domain, user name and password for the Active Directory server. You
can also enter a different name for the Active Directory group you want
to use.
Your user name should
include the domain name (example: mydomain\aduser), and you must have
permission to query the Active Directory server.
Click
Save Changes.
When you have set up the connection
to Active Directory, manual user editing will be disabled in the Admin
section of MeetingBooster.
Active Directory users are synchronized to MeetingBooster every night; however, you can update MeetingBooster manually by clicking Update Now.
The synchronization is one-way. Active
Directory is never updated from MeetingBooster.
The following Active Directory properties for each user profile are automatically synchronized to the user profile fields with the same name in MeetingBooster:
Email
Display Name
Full Name (first name and surname)
Title
Manager (controls the user hierarchy
in MeetingBooster; see below)
All user accounts are identified by
their email addresses. Changing the email address of a user will therefore
effectively create a new user in MeetingBooster.
User
hierarchies and user groups
The Manager property in Active Directory is synchronized to the Manager field in MeetingBooster, creating a user hierarchy as described in "Managing user hierarchies". User groups cannot be defined in Active Directory; if user groups are needed, they must be set up in MeetingBooster as described in "Managing user groups".
Security
roles
Security roles for user hierarchies are defined in MeetingBooster as described in "Managing security roles". However, the assignment of security roles is controlled from Active Directory by setting up a security group in Active Directory with the name MeetingBooster-[name of security role].
Example: If you have created a security role named Salesperson in MeetingBooster and want to assign this security role to a number of users, these users must be added to a security group in Active Directory with the name MeetingBooster-Salesperson.
All security role assignments
for user hierarchies for a given user are checked, and if necessary updated,
from Active Directory whenever that user logs into MeetingBooster. If
you have made any changes to security role assignments for that user in
MeetingBooster, the changes are overwritten with the settings in Active
Directory when the user logs in.
Security roles for user groups are defined and assigned in MeetingBooster. For more information, see "Assigning security roles".
Labels
User labels in MeetingBooster are synchronized with properties in Active Directory if the labels have the same names as the properties in Active Directory.
Example: Active Directory by default contains a property named Department. If you add a label named Department in MeetingBooster, it will be synchronized with Active Directory.
For more information
on setting up user labels in MeetingBooster, see "Working
with user labels".
If you delete a user in Active Directory or deny the user access to MeetingBooster (by removing the user from the Active Directory security group MeetingBooster), the user is not immediately deleted but is set as disabled in MeetingBooster. To delete the user from MeetingBooster, confirm the deletion on the Active Directory page in the Admin section. You will see a list of users to be deleted before you confirm by clicking the Delete User button.
Deleting users
cannot be undone.
If you no longer want to control your MeetingBooster users from Active Directory, remove the connection as follows:
Click Settings
and select Admin.
Click Active Directory
in the menu.
Delete the contents of the domain, user name and password
fields for the Active Directory server.
Click
Save Changes.
When you remove the connection to Active
Directory, manual user editing will be re-enabled in the Admin section.