A screenshot of the Edit Profile Control in use on the University of Wales website. Many of the fields would be disabled, if this user had data fed from the Active Directory.
From the perspective of a website user, Active Directory integration makes single sign-on simple. Whether the website be an intranet, internet, extranet or portal, you can be assured that your users will benefit from a single sign-on across the enterprise.
In the example of a public facing website, you may also wish to have non Active Directory users, but in essence all of the people in your domain will be able to use the services and personalisation you want within the context of their Active Directory user account.
Having this type of integration is especially useful for singular control of access.
In the case where an employee leaves the organisation, or moves department, without having to touch Contensis as soon as their AD details are updated, they will no longer be able to access the restricted resources you may have made available to them.
A screenshot of the Who's Who module in action at the European University Institute.
Because the integration fully integrates with our Who's Who module and the user's profile, the user will only be able to update information that is not controlled by the AD.
If, for example, you have a situation whereby your organisation's telephone numbers are automatically fed into the Active Directory, this information will automatically be transferred to the Who's Who, and the user will not be able to change their telephone number if you so wish, maintaining a single point of truth for the information in the enterprise.
This screenshot shows a typical email received when content has been submitted for approval.
From a content editor's perspective, AD integration means that there are no barriers to the system. If you are logged-on to your computer on the domain, you can be automatically logged-in to Contensis. All you need do is type in the web address in the browser.
Other advantages include the ability to carry out tasks such as authorising content directly from your email client. The user will receive an email notification and then can simply click on the authorise or decline button without having to do anything else. It is really that simple.
Setting up AD integration can be done by entering just three fields of data.
From an administrator's perspective, AD integration simplifies the management of your users and groups.
Users and groups will be available in Contensis to assign permissions and workflow against.
You will not need to keep separate accounts for different users, just their AD account is all that is required.
When Contensis synchronises with the Active Directory there are a whole set of fields available for synchronisation, and if required you can even configure custom fields too.
You can decide where the single point of truth is for your data. If, for example, your AD has a limited set of data in relation to email addresses and job titles, then you can let users update them in Contensis, or otherwise, they can be read only in Contensis and the AD can control them.
The synchronisation is configurable, so you decide what synchronises and what is editable.
As you would expect, Contensis respects whether account are locked, disabled or have just expired, so you can be sure all you need do is disable or expire an account in one place and the changes will be available instantly in Contensis.
Typically, group membership is synchronised at intervals and these schedules can be configured by you in seconds, although often defaults are simply left in place.
If you are concerned that the AD does not contain enough data, or the data does not map well to your Content Management needs, then this is no problem. You can simply use the user accounts from the AD and create an entire group hierarchy in Contensis separately. This can also be useful if AD administration is done centrally and is inflexible.
If you are concerned about security, no need to worry. All Contensis requires is a single read-only account to the directory. From an authentication perspective, authentication is carried out directly against your existing AD infrastructure.
From a developer's perspective, you can personalise based upon any data in the AD. So if you want a different homepage for Human Resources, then this can be achieved with a few lines of code.
As with all other areas of Contensis, the entire AD integration is available through the Contensis Open API .