Connect to an Active Directory server

You can use a connection to an Active Directory (AD) server in your environment for user authentication, sync, or both. Authentication is available only for on-premises deployments of Calabrio ONE.

To unlink synced users, go to Unlink synced users.

NOTE Importing multiple Active Directory certificates is not supported. When you import a new certificate any existing certificate is overwritten by the new certificate.

Page location

Application Management > Global > System Configuration > Active Directory Configuration

Prerequisites

At least one configured AD domain exists.
Each AD domain has at least one configured user path.
The Calabrio ONE server is in the same domain as the user.

Procedures

Configure Active Directory

NOTE For more information about any of the fields on this page, go to About Active Directory configuration in the Calabrio ONE User Guide.

Select Create New Active Directory Configuration.
Enter the Domain Name, Host Name, Port, User Name, and Password in the Active Directory Authentication section.
(Optional) Select the Use SSL check box, and then import the certificate.
(Sync only) Enter the Root DN, Organizational Units, and Synchronization Interval (Minutes) in the Active Directory Sync section.
(Sync only) Select the property to match the AD user with the Calabrio ONE user from the User Profile Matching Property drop-down list.

NOTE After the AD sync is set up, the matching property allows you to verify that the sync is working and unlink users. Select Default to link users by Windows login.
Click Test Connection to ensure that your AD connection is configured correctly.
Click Save.
(Sync only) Navigate to Application Management > Global > System Configuration > Data Server Configuration.
(Sync only) Select the data server for AD sync from the Select Data Server Configuration drop-down list.
(Sync only) In the Active Directory Sync section, select the Enable Active Directory Sync check box, and then move the AD server from Available to Assigned.
(Sync only) Click Save.

Verify that AD sync is working

You can verify the AD sync after the synchronization interval has passed.

Navigate to Application Management > Global > User Configuration > Users.
Select a user who has the same identity as an AD user, based on the matching property that you selected in step 6 above. If the Unlink Agent section (below) appears on the screen, AD sync is working.

Unlink synced users

When a Calabrio ONE user and an AD user are unlinked, the following happens:

Changes to properties in the AD do not transfer to Calabrio ONE.
The user’s Windows login can be edited.
Calabrio ONE retains the Recording user profile and all the values stored in it.

In Calabrio ONE, navigate to Application Management > Global > User Configuration > Users.
If necessary, select the Edit an existing user radio button.
Select the user to unlink from the Select User drop-down list.
Click Unlink Agent from Active Directory Profile (in the Unlink Agent section). A warning message appears.
Click Yes.

Change the matching property field so that the Calabrio ONE user no longer has the same identity as the AD user.

The following table describes how to change the Calabrio ONE user, depending on which matching property you selected when you linked the users.

Matching Property	Change
First Name / Last Name	Change the value in the First Name or Last Name field.
Employee ID	Change or delete the value in the Employee ID field.
Default	Change or delete the value in the Windows Login field.
User Name	Change the value in the User Name field.

Click Save.
(Optional) To permanently unlink users, change the equivalent properties in the AD. If you do not change the AD information, the Calabrio ONE user might be matched with the AD user again the next time the sync runs.