Integrating Active Directory
Sisense supports integrating Active Directory users and groups with your current Sisense users, so that you can share dashboards and email reports with any of your users. This works in parallel with Sisense’s existing User Management, so you can continue to add users and user groups that are not part of the Active Directory domain.
To enable Sisense to identify your Active Directory users, you import your Active Directory users and groups into Sisense. When you import an Active Directory user, Sisense automatically creates a Sisense user. When you import an Active Directory group, Sisense does not automatically create a Sisense user for each member. The first time a member of an Active Directory group logs into Sisense, then Sisense automatically creates a Sisense user. Active Directory users that do not log in, are not assigned a Sisense user until their first login.
For secure connections to Active Directory, Sisense supports LDAP-S (LDAP over SSL), which encrypts communication between Sisense and your Active Directory. If your Active Directory supports SSL, you can upload your PFX certificate and PFX password for each Active Directory domain while defining your Active Directory settings in Sisense. PFX files contain the public key file (SSL certificate file) and the associated private key file in a single file. These files are generated and provided by you.
This topic describes how to configure Active Directory in Sisense, and how to import users and user groups from Active Directory.
Adding an Active Directory Domain to Sisense
From the Active Directory page, you can add Active Directory domains to your Sisense configuration. Each Active Directory domain you add to your Sisense configuration is added to the Active Directory list displayed in the Active Directory page. The first time you open the Active Directory page, the Add Domain link is displayed, which you can click to begin adding Active Directory domains.
After you have added your first Active Directory domain, it is displayed in the Active Directory list.
From the Active Directory list, you can add additional Active Directory domains. Each Active Directory domain you add to Sisense enables you to share your dashboards and reports with users from any of the domains as well as Sisense users not part an Active Directory.
You can filter the list of the Active Directory domains by entering the name of the relevant domain in the Search field.
To add an Active Directory:
- Click Admin and select the Active Directory tab on the left.
- In Active Directory, click Add Domain.
- In the Add Domain window, fill in the Active Directory configuration fields to point to your Active Directory instance:
- Name: The name of your Active Directory domain. This name is used to locate your Active Directory domain in Sisense when you have multiple domains.
- Connection String: The full path to your Active Directory domain. Example: ldap://dc.domain.com (Or ldaps://dc.domain.com for secure connections)
- Base DN: The Active Directory location from where a server searches for users. Enter the domain by its distinguished name (DN) with its domain components (DC) connected by commas.
For example: For the domain domain.sisense.test, use DC=domain,DC=sisense,DC=test.
Note: If you have a hierarchy of user groups in your organization, you can define the hierarchy in your string as follows:
- If your domain is domain.sisense.com/OU1/OU2, then use OU=OU2, OU=OU1,DC=domain,DC=sisense,DC=com. Only users and user groups from OU2 will be available. Users/groups under OU1 will not be available.
- Username: Enter the username with domain. Example: domain\username
- Password: Enter the password for your Active Directory instance.
- Sync data every: Enter how often Sisense automatically synchronizes with the users and groups in this Active Directory domain in milliseconds.
- SSL Enabled: Select to enable a secure connection to your Active Directory. When you select SSL Enabled, the PFX Upload area and PFX Password field are displayed. In the PFX Upload area, drag the PFX file into the browser or click Browse and navigate to the file. In PFX Password, enter the password you received after your PFX was generated.
- Click Test to verify that your configuration successfully connects to your Active Directory domain.
- Click Save.
Editing Active Directory Domain Settings
To edit an Active Directory domain:
- From the Active Directory list, select for the Active Directory settings you want to edit. The Edit Active Directory window is displayed.
- In the Edit Active Directory window, edit the relevant fields. See Adding an Active Directory in Sisense for more information about each field.
- Click Save.
Disabling an Active Directory Domain
Supports allows you to disable Active Directory domains in Sisense.
An Active Directory domain that has been disabled is still displayed in the Active Directory list, however, users from this domain will not be able to log in to Sisense, and you will not be able to share dashboards or reports with them.
Disabled Active Directory domains have the status Disabled in the Status column in the Active Directory list.
To disable an Active Directory domain:
- From the Active Directory list, select > Disable for the Active Directory domain you want to disable. The Active Directory domain is disabled.
You can enable the Active Directory domain by selecting > Enable.
Deleting an Active Directory
You can delete an Active Directory domain from your configuration. When you delete an Active Directory domain, the users included in that domain are no longer displayed when sharing dashboards or reports. Deleted Active Directory domains cannot be restored, however you can add the Active Directory domain again from the Active Directory page.
To delete an Active Directory domain:
- From the Active Directory list, select for the Active Directory settings you want to delete. The Delete Active Directory window is displayed.
- Click Delete. The Active Directory domain settings are removed from Sisense.
Adding a User from Active Directory
Once a connection with Active Directory has been established, an additional Import from External Server option is added to the Add Users button in the User tab.
The user’s username and email will be added from Active Directory.Note: You can add a user from Active Directory, even if you have not imported that user’s user group from Active Directory.
See Managing Dashboard Users for general information about working with users/user groups in Sisense.
Associating a Sisense User with an Active Directory User
Once a connection with Active Directory has been established, you can associate Sisense users to your Active Directory users in the User tab. Associating a Sisense user with an Active Directory allows you to manage your Sisense users from Active Directory. For example, after associating your users, if you need to delete a user, you can remove them from Active Directory and they will no longer be able to access Sisense. Another example is if you have an Active Directory user and a Sisense user with their own dashboards or ElastiCubes, you can associate the accounts so you don’t need to create a new Active Directory user for your Sisense account.
To associate a Sisense user:
- From the Users tab of the Admin page, click to edit the relevant Sisense user.
- If Active Directory is not enabled, toggle the switch to enable it.
- Select the relevant Active Directory domain and locate your Active Directory user.
- An auto-complete list is displayed showing the Active Directory users.
- Select a username to add to the group.
- Click Save to associate the accounts.
Adding a User Group from Active Directory
Once a connection with Active Directory has been established, an additional Import from Active Directory option is added to the Add Group button in the Groups tab.
The following procedure describes how to import a list of users from a group in Active Directory to Sisense.
Users that are added in this way only appear in the Sisense users list after each user logs in to Sisense. In this way, your Sisense license slots are only consumed by users who actually log in to Sisense.
To add a user group from Active Directory:
- Click Admin and select the Groups tab on the left.
- Click the Add Group button and then select the From Active Directory option from the menu.
- In the Search Active Directory Group field start typing in the name of the desired Active Directory Group. An auto-complete dropdown menu is displayed from which you can select a user group.
If an Active Directory user group has already been imported into Sisense, the words Group already selected appear next to it, as shown above. You can add multiple Active Directory groups, by selecting one group after another. The groups appear in this window as follows:
- Select the default Role for the members of this user group: Viewer or Designer. It will be assigned to new users from this group, when the users are created. Subsequently, user’s role can be changed in the Sisense Users list.
Changes to a group’s default role will affect users created after that time, but will not affect existing users.
- Click Add.