Table of Contents
Active Directory Integration: Frequently Asked Questions
Why is Active Directory integration only available for "self hosted" editions of MIDAS?
In order for a web server to support Active Directory integration, the server has to be specifically configured to do so. With the "cloud hosted" edition of our MIDAS room booking system, we do not permit or provide you with access to change/reconfigure the web server in order to support your particular LDAP server.
Why must my MIDAS be licensed for "Unlimited" users in order to use Active Directory integration?
If your MIDAS system is licensed to a finite number of users, then Active Directory integration would potentially exclude some of your Active Directory users from accessing the software - defeating the point of the seamless "single-sign on" ability offered by LDAP integration. For example, if your MIDAS system is only licensed for a maximum of 10 users, then whichever 10 users from your Active Directory login to MIDAS first, they would then be the only 10 users who could continue to access your booking system in the future - all others would be rejected.
Therefore, to avoid this, we have restricted Active Directory integration to self-hosted customers with "Unlimited" users licenses.
Generally speaking, organizations that utilize an Active Directory tend to have dozens, if not hundreds, of users so would likely have or require an "Unlimited" user license for their MIDAS system anyhow.
Does MIDAS "write" anything back to or update my Active Directory?
No. MIDAS only reads data from your Active Directory. It doesn't write anything back or make any changes to your Active Directory.
I can't change user's Primary Groups in my Active Directory, yet I need to assign different users different permissions!
By default, MIDAS will assign permissions based upon each user's Primary Group which corresponds to a user group in MIDAS with the same name. If you are unable to change a user Primary Group in your Active Directory to allow them to inherit different permissions within MIDAS, there is a solution!
- Export a list of users from your AD (including full names and email addresses)
- Open this exported data in a spreadsheet and add an additional "User Group" column
- Populate this new user group column with the names of existing User Groups you've previously defined in MIDAS
- Save your modified spreadsheet as a .CSV file
- Import this file into the software (MIDAS Admin Options → Manage MIDAS → Database → Database Tools → Import Data), ensuring you assign the correct fields to the correct columns
Finally, untick the "Update User Permissions upon each authentication" option (MIDAS Admin Options → Manage Users & Permissions → Single Sign-On)
Then once you've setup & enabled LDAP authentication, users will be able to seamlessly authenticate and will have the appropriate user permissions.
Not all our users are under the same base within the Active Directory, can MIDAS handle that?
Yes. From MIDAS v4.09 onwards you can specify multiple Active Directory bases (MIDAS Admin Options → Manage Users & Permissions → Single Sign-On → Base) by separating each base with a semi-colon ( ; ) character.
If you're running an earlier version of MIDAS however you would need to update to v4.09+ in order to be able to configure multiple AD bases.