Mapping the Active Directory Server

To synchronize users with Active Directory, you must first tell Accolade where to find the Active Directory instance, and then map attributes available within Active Directory used to identify users.

To sync users between Accolade and the Active Directory at any time, click Sync on the Active Directory page. A synchronization service runs in the background once an hour.

To add an Active Directory and define the server information:

1. Ensure that the Active Directory Enabled system parameter is set to 1 in the Administration Console.

The functionality is disabled by default.

2. Within Accolade, from the System menu, select System > Active Directory.
3. Do one of the following:

• To add a new Active Directory - Click in the lower left corner of the page.
• To edit an existing Active Directory - Click inside the field that you want to edit.

4. Enter the following information:

Field	Description
Display Name	Enter the name of the server, as it displays in the Active Directory page.
System Name	Enter a unique identifier for the Active Directory for within Accolade, for example, companyNameAD. The system name is not displayed to users and can be abbreviated to make it easy to use in queries. The system name must be unique and can include only letters (English alphabet), numbers, and the underscore.
URL	Enter the path to the Active Directory in your network using LDAP syntax. LDAP is case sensitive, and the URL must contain a forward slash after the port to be valid. For example: LDAP://server1.sopheon.com:389/.
Search Distinguished Name	Enter the attributes separated by commas that make up the distinguished name in Active Directory that defines users. For example: OU=Sopheon Users, DC=Sopheon, DC=com. This example includes the organizationUnitName and domainComponent attributes. The distinguished name is set of attributes you have chosen to identify users.

5. Click Apply to save your changes.
6. Continue with the next procedure to complete the required mapping to active directory attributes.

To map Accolade fields to objects in the Active Directory structure:

1. Ensure that the Active Directory Enabled parameter is set to 1 in the Administration Console.
2. Within Accolade, from the System menu, select System > Active Directory.
3. Click the plus next to the Active Directory server you want to map.
4. In the Row Value column, enter the attribute name from Active Directory that corresponds to each Row Label. The mapping created using these fields determines which attributes are matched to map users between Accolade and the Active Directory.

Note:  The Domain option is an actual value that is used to create the user login and is not a mapping option. It is concatenated with the Row Value for Login to create the user login.

5. Any extended field that has the AD Sync check box selected is also available to map data to from Active Directory. Map those fields, as necessary.
6. Click Apply to save your changes.

Notes:    To sync Active Directory with Accolade, the user must have at least read-only rights to the configured domains on the server and be an Accolade user with the Service Account role.