- How do I connect to Active Directory?
- Go to Active Directory under Admin in Sisense web
- Connection String : the address to the Active Directory server (ask your IT department)
- Base DN: Break down your domain and include all hosts. before each word in the name should be ' DC= ' (f.e: ' DC=my;DC=org;DC=domain ')
contain OU=XXXXX , DC= XXXXX only
The baseDN are case insensitive.
Spaces between the parts are ignored
The delimiter could be , or ;
OU parts are not required
OU parts must come before the DC parts
BaseDN must contain all the rootDSE path
*There can be two users with the same name but in different OU's
*Organization unit can contain users, groups and other OU's.
- Username and Password: Can be Administrator user or any other user with permission to all the operations and query the AD server about other users and passwords. Enter the username with domain. Example: domain\username
- In the Sync Data field, select the frequency that Sisense automatically synchronizes with the users and groups in this Active Directory instance.
- Click TEST to verify that your configuration successfully connects to your Active Directory instance.
- Click SAVE.
The main aim of the sync process is to update existing AD users/groups.
it will never create a new user/group document, but it can delete existing user/groups documents.
If users change their password, there is no need to sync.
- if a new group is set up in Active Directory, How will this be pulled through into Sisense?
These group should be shared with one of Sisense dashboards in order to allow the groups users to login into the application.
- When I add an AD group as a users group in Sisense I'm not able to see the number of users.
The admin users view don't show how many users there are in AD groups.
There are 2 main issues with show this:
1. It's not clear if we show the members which have already logged in to sisense, or the general number of members in the AD group (include those that have never logged in so they are not actual sisense users yet)
2. AD group can contain other groups which contain other groups, so it's not clear if this number represent the direct children members or include all the descendants.
- I want to show only one OU from my active directory server how do I configure that?
Add ou=<orgunitname>ou, before the base DN configuration.
- Can we use CN= (Common Name) in addition to the OU hierarchy?
Unfortunately we do not support CN notation in the DN path.
- Can we have SSL connection to Active Directory?
Sisense currently does not support SSL connection to the active directory server (only ldap). It is planned to be possible in upcoming versions.
- If an update is made to a group in AD (I.e. new starters, movers, leavers etc), how are these changes reflected in Sisense?
The automated sync will remove/add starters , movers , leavers in Sisense application, therefore users will have access to the dashboards based on the shared groups.
In case there is no automatic sync configured and no manual sync was initiated, users that were deleted from AD will still not be able to login to Sisense because Sisense will try to authenticate the user and password against AD where they don't exist.
Changes in usernames need to be synced, changes in password do not require sync.
- Is it possible to convert users to AD users without losing their information? If you don't want our dashboard creators to lose their dashboards
There is no way to do it automatically, the user will have to export all the dashboards and import them, and still they will not be the owner of the dashboard, and if the old users are deleted, the dashboards will be deleted as well.
- Does Sisense automatically pull through all users associated to a new added group? Or do users need to be activated separately?
Once a group is shared with one of the dashboards they can access to the application, the authentication is made against the AD and the user will be added to Sisense application once he authenticated.
- I'm getting an error message when trying to add users via their Active Directory, the sync is working and I have access to the AD server.
in the default.yaml file (located under C:\Program Files\Sisense\PrismWeb\vnext\config) look for the headline webServer and increase the jsonLimit to 15mb. (if the jsonLimit line does not exist, add a line: jsonLimit: '5mb')
This limit dictates the size limit of requests to the Web Server, If you have a lot of users and very heavy dashboards, you might be reaching this limit.