The Reset Account action that can be run from the Incidents search page allows unlocking user accounts and changing passwords. The Active Directory Data Provider must be configured to activate the Reset Account action.
In this section we will describe only those settings that are needed for the Reset Account action. For more information on configuring the Active Directory Data Provider, see the Administration manual.
To configure the Active Directory Data Provider for resetting accounts
- In Matrix42 Workspace Management, open the Data Providers search page under Administration > Integration.
- Double-click the Active Directory Data Provider to open it. The properties dialog contains the Configurations list where configurations for this provider can be managed.
- To add a new configuration for the Data Provider, use the +Add button. The new properties dialog will open.
- On the General dialog page provide the following information:
- Data Gateway: Select the Data Gateway instance that will execute the configuration.
- Data Provider: Specify the data provider for the configuration.
- Description: Provide description for the new configuration.
- Enable Import: Select the checkbox to activate this configuration for import. It is necessary for the initial import of Active Directory users.
- Login, Password: Provide the credentials for accessing the domain. The user account needs to be a member of the Administrators group in Active Directory or another group that is a member of the Administrators group.
- On the Settings dialog page provide the following information:
- Domain: Use the single selection button to select the domain for which the integration should be established.
- Distinguished Names to Be Imported: Use the +Add button to open an input dialog. Fill in the following fields:
- Base DN: Enter the distinguished name of the User object as it is specified in the Active Directory or other LDAP directory service. The import considers the specified CN/OU together with all underlying OUs. The notation should correspond with the LDAP distinguished names, for example: CN=Computers,DC=MyDomain,DC=de. For detailed information about the syntax, refer to Distinguished Names. Object Type: Select the Account object.
- Description: Provide description for the Distinguished Name.
- Run the Configure Synchronization action. An additional dialog opens.
- On the Extended dialog page, select the Enable Account Reset checkbox. The selected checkbox will activate the workflow that is specified in the Change Password / Unlock Account Workflow field on the Implementation dialog page of the Active Directory Data Provider. As a result, the Data Provider will be able to change password and perform the "unlock" action for accounts that are included in this configuration.
- Click DONE to save the configuration.
- You can run the Test Configuration action to check whether all configured settings are correct. As a result, the additional dialog will display validation results for this configuration.
Once the access to the LDAP server is configured, you can use the Reset Account action.