Skip to main content

Integrate with Active Directory

Tom Rauscher
  • Updated

Administrators can import the district's Active Directory to create user accounts. Then, the Active Directory password is used to authenticate login requests.


This is a three-step process:

  1. Set up Active Directory integration with Facilities Binders.
  2. Import Active Directory users into Facilities Binders.
  3. Set up roles and permissions for imported users.

You can also schedule a daily synchronization of Active Directory users.

Important: Because of the technical knowledge required, your district's IT administrator will most likely need to perform this procedure.


Step 1: Set up Active Directory integration

Note: Your IT administrator can contact Follett tech support if detailed instructions are needed.
  1. Grant the Facilities Binders server access to your Active Directory server by opening port 636.

  2. Allow the following IP addresses:

    • 20.96.235.248/29 (Additional IP after 4/1/23)
    • 20.221.121.48/29 (Additional IP after 4/1/23)
    • 20.125.75.224/29 (Additional IP after 4/1/23)
    • 52.177.86.103 (Follett's Outbound IP required prior to 10/15/25)


Step 2: Import Active Directory users into Facilities Binders

  1.  In Facilities Binders, select Settings > Single Sign On > Active Directory Connection. The Active Directory Integration Admin page appears.

    Active Directory Integration Admin page.

  2. Do the following:

     a.  Next to Active Directory Server, enter the district's server IP address.

     b. If you want to use LDAP over a Secure Socket Layer (SSL) for user authentication, select the Secure LDAP checkbox.

    c. Enter any district Active Directory Username and Password.

    d. Select the desired Username Attribute.

     e. To Store Credentials for the automatic Active Directory synchronization, select the checkbox.

    Note: You have the option to save filters and run a nightly sync to Active Directory to update any changes.

    f.  Click Test Connection.

    Note: Connection test successful appears in the Test Connection field if the connection is made.

  3. Click Save.

    Note: If you use  Work Orders, you can transfer the same credentials by clicking Transfer AD credentials from MLW.

Step 3: Set up roles and permissions for imported users

  1. In Facilities Binders, select Settings > Single Sign On > Active Directory Filters. The Manage Active Directory Filters page appears.

    Manage active directory filters page.

  2. To add a filter, click Add icon.. The Manage Active Directory Filter detail page appears.

    Manage active directory filter page.

  3. Do any of the following:

    a.  Enter a Name.

    b.  Next to Filter, enter an LDAP filter string.

    Example: An LDAP filter string example: OU=Staff,OU=TestSD,DC=testsd,DC=sdserver,DC=localThis example string tells the Active Directory import where to pull the users that should be created in the district's   account. For example, if you only want teachers added, the filter would be set to only find district teachers.

    c.  If the name is a group, select the Is a Group checkbox.

    d.  If you want the filter to be Active, select the checkbox.

    e.  Select the desired Roles the user will have by default.

    f.  Select the desired Sites the user will have access to by default.

    g.  Select one of the following:

         • 1 Group Per User, then select the desired Classification.

         •Add to Existing Group, then select the desired Group.

    h.  Select the desired Users.

    Notes: To view a list of all users that can be imported, click Users icon.

    • Users available for import show Import icon..

    • Users who cannot be imported show a Information icon. with a reason why they cannot be imported.

    • To manually sync the directory, clickSync icon. .


    i. Do one of the following:

            • Click Save.

            • Click Save & Synchronize Users.

To schedule a daily sync:

  1. Select Settings > Single Sign On > Active Directory Connection. The Active Directory Integration Admin page appears.
  2. Confirm your Username and Password.
  3. Ensure the Store Credentials checkbox is selected.
  4. Click Save.
  5. Select Admin > Single Sign On > Active Directory Filters.
  6. Confirm you have the appropriate filters listed.
  7. Click Calendar icon.. The daily sync is enabled.


Troubleshoot 'importing users' error:
You might receive the following error when importing users:

No users found error message.

If so, try the following:
• Ensure you do not have any broader filters you can use to attempt to pull in users. Sometimes, the filter is just too narrow.
• Verify the LDAP port or LDAPS port is open.

• If the port is open, click here to download a tool to help you find your Active Directory filters.

Note: If you find the distinguished name under Attribute, you should be able to locate the appropriate filter under the corresponding Values column.

• If you are still unable to determine the correct filters, send a screenshot of your Active Directory tree opened, along with the filters you are attempting to use, to Follett tech support.
 

Related articles

Comments

0 comments

Please sign in to leave a comment.