Howto – Configure LDAP authentication

Introduction

iAGENT comes with integrated user management. However, it is possible to set up authentication via an external identity management system. This requires a few configuration steps that are described in this tutorial.

Configuration in iAGENT

The following parameters have to be added or adjusted via the system parameters (Administration –> System –> System Settings –> System Parameters tab), with the values set to match your environment. Alternatively, the same parameters can be maintained in the Routing.conf file on the file system of the iAGENT web server.

external.auth.enabled = true
external.auth.agent.enabled = true
external.auth.routing.enabled = true
external.auth.user.auth.class = com.novomind.ecom.common.auth.ldap.ADLDAPAuthenticator
external.auth.ldap.enabled = true
external.auth.ldap.servers = [{url:"ldaps://xxx.novomind.com", domains:[novomind.com], pagesize.max: 234, timeout.connect: 1000 , timeout.read: 2000},{url:"ldaps://xxx2.novomind.com", domains:[novomind.com], pagesize.max: 234, timeout.connect: 1000 , timeout.read: 2000},{url:"ldaps://xxx3.novomind.com", domains:[novomind.com], pagesize.max: 234, timeout.connect: 1000 , timeout.read: 2000}]
external.auth.ldap.user.properties.read = false

Once these parameters are in place, the user name and password entered at login are no longer checked against the internal user management but are passed to the external system for authentication. Note that only the ldaps:// scheme in external.auth.ldap.servers protects the transmitted password; a plain ldap:// URL would send it to the directory server unencrypted.
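To catch the most common mistakes in this parameter set before rolling it out (a server URL downgraded to plain ldap://, an empty domain list, a missing timeout, the authenticator class left unset), the following lint script can be run against the parameter lines. It is an added example and not part of the original how-to or of the iAGENT product; it assumes the parameters are available as key = value lines (as in System Parameters or Routing.conf) and that the value of external.auth.ldap.servers uses the relaxed notation shown above (bare keys, bare host names inside domains). The sample configuration embedded in the script is constructed from the page's example with two servers deliberately broken.

```python
"""Lint iAGENT external-auth parameters before deployment.

Added example, not iAGENT's own code. Assumes ``key = value`` lines and the
relaxed JSON notation for external.auth.ldap.servers seen in the how-to.
"""
import json
import re
from urllib.parse import urlparse

# Constructed sample: the page's configuration, with server 2 downgraded to
# plain ldap:// and server 3 missing its domains and its read timeout.
SAMPLE = """
external.auth.enabled = true
external.auth.agent.enabled = true
external.auth.routing.enabled = true
external.auth.user.auth.class = com.novomind.ecom.common.auth.ldap.ADLDAPAuthenticator
external.auth.ldap.enabled = true
external.auth.ldap.servers = [{url:"ldaps://xxx.novomind.com", domains:[novomind.com], pagesize.max: 234, timeout.connect: 1000 , timeout.read: 2000},{url:"ldap://xxx2.novomind.com", domains:[novomind.com], pagesize.max: 234, timeout.connect: 1000 , timeout.read: 2000},{url:"ldaps://xxx3.novomind.com", domains:[], pagesize.max: 234, timeout.connect: 1000}]
external.auth.ldap.user.properties.read = false
"""


def parse_properties(text):
    """Parse ``key = value`` lines into a dict; blank and '#' lines are skipped."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


# A quoted string, or a bare word such as a key (pagesize.max) or host (novomind.com).
_TOKEN = re.compile(r'"(?:[^"\\]|\\.)*"|[A-Za-z_][\w.-]*')


def relaxed_json_loads(text):
    """Quote bare keys and bare host names, then parse as strict JSON.

    Already-quoted strings, numbers and the literals true/false/null are kept.
    """
    def quote(match):
        tok = match.group(0)
        if tok.startswith('"') or tok in ("true", "false", "null"):
            return tok
        return '"%s"' % tok
    return json.loads(_TOKEN.sub(quote, text))


def lint(props):
    """Return a list of findings (empty list means the parameters look sane)."""
    def flag(key):
        return props.get(key, "").lower() == "true"

    findings = []
    if not flag("external.auth.ldap.enabled"):
        return findings  # LDAP is switched off, nothing to check
    if not flag("external.auth.enabled"):
        findings.append("external.auth.ldap.enabled is true but external.auth.enabled is not")
    if not props.get("external.auth.user.auth.class"):
        findings.append("external.auth.user.auth.class is not set")
    try:
        servers = relaxed_json_loads(props.get("external.auth.ldap.servers", "[]"))
    except ValueError as exc:  # json.JSONDecodeError is a ValueError
        return findings + ["external.auth.ldap.servers is not parseable: %s" % exc]
    if not servers:
        findings.append("external.auth.ldap.servers is empty")
    for idx, srv in enumerate(servers, 1):
        url = srv.get("url", "")
        parsed = urlparse(url)
        label = "server %d (%s)" % (idx, url or "no url")
        if parsed.scheme != "ldaps":
            findings.append("%s: scheme %r is not ldaps, the bind password would cross the network in clear"
                            % (label, parsed.scheme))
        if not parsed.hostname:
            findings.append("%s: url has no host" % label)
        if not srv.get("domains"):
            findings.append("%s: domains is empty, no login could be routed to this server" % label)
        for key in ("timeout.connect", "timeout.read"):
            val = srv.get(key)
            if not isinstance(val, (int, float)) or val <= 0:
                findings.append("%s: %s is missing or not a positive number" % (label, key))
    return findings


if __name__ == "__main__":
    for finding in lint(parse_properties(SAMPLE)):
        print("FINDING:", finding)
```

Run against the constructed sample the script reports three findings (the ldap:// scheme on server 2, the empty domain list and the missing timeout.read on server 3); against the page's own configuration it reports none. The parser is deliberately strict about unparseable server lists rather than guessing, since a silently ignored server entry would simply drop a failover target.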

For logins by system users (for example from apps or via the REST API), which must keep authenticating against the internal user management, one of the following keys must be set to the value DB on the user in question (Individual Settings tab in User Settings):

  • auth.type (for login on Supervisor and Desk)
  • auth.type.agent (for login on Desk)
  • auth.type.user (for login on Supervisor)

Automatic user creation in iAGENT

With the following setting, an LDAP user that does not yet exist in iAGENT is created automatically in the iAGENT system after a successful authentication against the external system. The user is created without any roles or rights, so the user cannot actually log in yet; the supervisor, however, sees the new user and only needs to assign the appropriate roles.

ldap.autoCreateUser = true