CollaborNation has the ability to integrate with Active Directory to keep accounts consistent between your organization and CollaborNation. 



Why integrate?

Organizations grow and change daily. Your employees get married, change names, get new job titles, and update email addresses. New employees may be hired and current employees may leave or be let go. 


When these changes happen, administrators at your organization need to update these accounts in every system that they appear. For larger organizations it can be an administrative burden, especially if you have hundreds of employees with dozens of required accounts.


If your organization has Active Directory, you can integrate with CollaborNation so you only need to update employee accounts in Active Directory, then the changes will be reflected in CollaborNation.


Also by integrating, your employees won't need to enter or remember an email/password combination to log into CollaborNation. Once logged into Active Directory, they will automatically be logged into CollaborNation as well.


How?

CollaborNation offers single sign-on (SSO) via SAML 2.0. 


If you're interested in integrating, please contact us. We start with a discovery meeting to make sure integrating with Active Directory will work for your organization. We'll provide guidance and suggestions on ways that may work best.


We recommend speaking to your organization's IT team to determine their recommended approach to integrate within your organization's Active Directory instance. Each organization is different with their Active Directory instance, and your IT team will know best. We also strongly suggest to include them in the discovery meeting with us.


As an example, a common AD integration is to place a training link on a gateway page where employees can click on it and be taken directly into your CollaborNation site. The employee will be automatically logged in and able to tack training.


Once agreed upon, some details will need to be shared to establish the Active Directory integration.


Connecting

To integrate, we will need the following fields:


FieldDescription
IdP Entity IDA globally unique name for an Identity or Service Provider.

This is often, but not always http://[DOMAIN.COM]/adfs/services/trust
Single Sign On Service URLThe URL target of the IdP where the Service Provider will send the Authentication Request. If your IdP has multiple URL targets, the one that uses the HTTP Redirect Binding should be used here. ("SAML 2.0 Endpoint (HTTP)")

This is often but not always: https://[DOMAIN.COM]/adfs/ls
X.509 CertificateA digital certificate that verifies that a public key belongs to the service identity contained within the certificate.

Many of these fields can be found in the FederationMetadata.xml file, which if provided would be helpful.


Then we need the following attributes mapped, all case-sensitive:


AttributeDescription
EmailProvide the name of the field containing the email address of the employee.
First NameThe first name field can be named any of the following:
  • User.FirstName
  • FirstName
  • Firstname
  • First_Name
  • first_name
  • firstname
Last NameThe last name attribute can be named any of the following:
  • User.LastName
  • LastName
  • Lastname
  • Last_Name
  • last_name
  • lastname
IdentEach site in CollaborNation is given a unique ID by which to direct the accounts into the appropriate site. This is found in the site's URL: https://collabornation.net/login/IDENT

The Ident will be provided by us. Your organization will need to configure a SAML attribute that has the static text of the Ident. You will then need to provide that attribute's name.