This article provides steps for a scenario where it is necessary to roll back to using AD/LDAP instead of AD Federation Services (AD FS).
The product prevents any domain from being authenticated by both AD and AD FS simultaneously. In the course of following the steps below, there is a period wherein Issuetrak will not authenticate via AD or AD FS. For this reason we recommend that you have a Sys Admin account that uses Issuetrak authentication, to avoid a situation in which you cannot access your own site.
At a high level, this process will do the following in Issuetrak:
- Disable AD FS authentication for a domain of your choosing.
- Enable AD/LDAP authentication on the domain you disabled AD FS for.
- Perform a user import to update all of the user accounts to use AD/LDAP as their authentication method.
- Sign into Issuetrak as a Sys Admin.
- Navigate to Administration > Identity Management > AD Federation Services.
- Click edit next to the domain that you want to switch to AD.
- Uncheck Active.
- Click Save.
- Along the lefthand menu, click Active Directory.
- Click edit next to the domain that you want to activate AD for.
- Click Test Connection and ensure that Issuetrak will successfully communicate with the selected domain controller.
- Upon a successful connection test, check Active.
- Click Update.
- Along the lefthand menu, click Import Users.
- Complete these steps for each OU/Group that needs to be updated in Issuetrak:
- Select the Domain that you've switched to AD from the dropdown.
- Toggle either AD Group or AD OU.
- Click the Select [Group | OU] button and choose which block of users to import.
- Click Preview Import.
- If you are satisfied with the preview, click Process Import. If you aren't satisfied with the preview, then refine your selection in the steps above.
- Check several user accounts to confirm that their Authentication Type is set to "Active Directory".
- Confirm that you can sign into Issuetrak via AD.
- Confirm that other users can sign into Issuetrak via AD.
You have successfully rolled your domain back from AD FS to AD/LDAP authentication.