OrgPublisher 21.x and later - AD (Active Directory) Authentication set up
Applicable Product: OrgPublisher
Applicable Release: 21.x and later
Summary:
If you chose to use AD Authentication you must include the Active Directory ID in your input data and create a custom field e.g. UserID - this is for OrgPublisher to read and compare to the Windows token. If you do not have it in your Primary data source you will need to add it or create a secondary data source to be applied.
Next, create a Charting Instance for your secure charts:
NOTE:
When all the users of an organization are in the same domain, then using just the userID is sufficient. However, in some organizations, their users may be on different domains so the domain information will be needed in the userID in the form of domain\userID. If that is the case, then what you set for the "User ID Format" for the web app (in the Configuration Tool) must use the Domain\User ID option to match the data.
Once you have the ADID in your data and created a Charting Instance, then go to your WebAdmin OrgPublisher Administration site, locate your secured Instance you created, in our example we created ‘v12HTML5secured’. Now go to ‘Fields’ and add your ADID custom field. The name of the custom field should be something meaningful such as ADID or UserID, it up to you. (In this example we used ‘UserID’) Also, be sure to assign it to all Position types.
Verify that this custom field is NOT searchable, it is set by default to unchecked but it is always a good idea to verify as this is a sensitive field.
When you set AD Authentication, the chart viewer will request the AD ID from the user's environment and then compare it to the data in the custom field within the Chart. If it finds a match, then the user is allowed into the chart; otherwise, the user will see an "unauthorized" message.
Go to ‘Security’ menu item:
Choose your User ID Field that you defined above.
Then you can select for this specific chart where your users will start:
‘Starting Box Type’ options:
Top of chart – Select to open the chart at the original top of chart box, displaying all levels in the chart.
User’s box – Select to open the chart at the user’s box, displaying all levels from that point down.
Supervisor’s box – Select to open the chart at the user’s supervisor’s box, display all levels from that point downward.
Box Id in this field – Select to open the chart at a top of chart box other than the previous options. This unique ID must be stored in an input file custom field record. Use the down-arrow to make your selection in the adjacent field.
Allow Users to drill up from starting box – Checking this box will allow users to drill up from starting box check box is the default selection and allows user to navigate to levels above their box in the chart. Clear the check box if you do not want to navigate above their own chart level.
Display secured fields for all people in user’s box – On any secured chart, controls what secured data a user can see if they are in the same box as other employees. If NOT selected, a field’s security is set to User’s box and subordinates, users will see the secured data only in their own record in their box. If selected, it allows a user to see the secured data for all persons in their own box.
For more information please consult the ‘Help’ menu within OrgPublisher Administration:
Once you have completed your Security setup be sure to ‘SAVE’, then ‘View Chart’.
Please remember that when testing your (own) Active Directory ID must be in the Chart.
Example:
For testing I did enable the ADID to verify and I set to open at ‘User’s Box’ and it does NOT allow to drill up from the starting box.
As you can see from the chart below based on the ADID it opened at the box that my ADID was assigned to and I cannot drill up the chart.
Created : 2020-10-23
Reviewed: æ 2020-10-23