When the Identity Management Module is included in your license, it still needs to be activated in order to be used. Only users with the Sys Admin parameter can activate the module.
- Click the gear icon in the upper right > click Features beneath System.
- Select Enable authenticating users with third party identity providers in the Identity Management section.
- (Optional) Select Allow single sign on functionality.
- If you are using Active Directory (AD) LDAP, some additional configuration is necessary on your webserver to enable single sign on. No additional configuration is required to enable single sign on with AD FS, Azure AD, or OAuth 2.0 / OIDC.
- (Optional) Select Update existing users on login.
- This will check for and update the user each time they log into Issuetrak.
- Click Update to save the new settings.
A confirmation message will appear when this process is complete and the Identity Management options will become active in the Settings Lightbox.
Deactivating Identity Management within Issuetrak
You may want to deactivate Identity Management integration under certain circumstances, which will preclude the use of all forms of third-party authentication with your instance of Issuetrak.
- Sign into Issuetrak with a Sys Admin account.
- Click the gear icon in the upper right > click on Features beneath System.
- Scroll down to Identity Management.
- Uncheck the box next to Enable authenticating users with third party identity providers.
- Click Update.
When the Identity Management Module is activated, any existing users will be set to use Issuetrak Authentication by default. The option to select the authentication type will only be shown in the user record after the Identity Management Module is activated. If you need to change the authentication type for a user, you can use the steps below.
- Click the gear icon in the upper right > click Users beneath Entities > click either List or Search in the right quick menu.
- Locate the user record of the user you need to change.
- Click the edit link that appears next to the user ID.
- Select the desired authentication type in the Authentication Type field on the Edit User screen.
- If you select AD LDAP, the user will need to be imported using the steps from AD using these steps before they are able to login.
- If you select the OAuth 2.0 / OIDC / ADFS / Azure AD option you will need to populate the Domain and Authentication User ID fields.
- Click Update to save the new parameter.
A confirmation message will appear when this process is complete.
Repeat these steps for each user that you need to change. Any user with the Sys Admin parameter or Can access and maintain Administration functions can update the user.
Single Sign On (SSO)
If Single Sign On was activated during preparation and you are using AD LDAP, related settings must now be updated for this to function properly if you intend to use SSO. In some cases, browser settings may need to be updated at the user level.
- You can learn how to configure AD LDAP SSO here.
AD Federation Services, Azure AD, and OAuth 2.0 / OIDC do not require additional changes for SSO to work, and they are incompatible with the IIS authentication settings that are required to make AD LDAP SSO work.