Question: How can I Manage Act! Users in Active Directory?
Product Details:
Product Family: Act!
Version: v21.1 and above
DISCLAIMER: This article is for information purposes only, Swiftpage DO NOT provide technical support for third party applications such as Active Directory.
Answer:
Act! v21.1 includes support for managing Act! users and login authentication using Active Directory. This is targeted for large user deployments who have an IT infrastructure capable of managing these roles.
IMPORTANT: Active Directory integration is only available for Windows client deployments, and does not provide support for the Act! API or any features of the API.
Benefits:
Considerations:
Amending Act! User Names and Passwords
Before proceeding with the instructions below, the user names in Act! should be amended so that they match the Active Directory user names that will be logging in, and the passwords for the Act! users must be removed. This must be done if you wish to keep the existing Act! users that you have. For information on creating and managing users in Act!, please see the article below:
A database flag must be set to indicate that user authentication is to be handed by Active Directory. This can be done by adding a record in CTL_DBCONFIG “USEAD” and setting it to “True”.
A sample query for this is below:
insert into CTL_DBCONFIG (DBCONFIGID, SECTION, NAME, CONFIGVALUE, DISPLAYNAME, DESCRIPTION, VALUETYPE, VALIDATION, ISREQUIRED, ISCOPIED, CREATEUSERID, CREATEDATE, EDITUSERID, EDITDATE)
values (NEWID(), 'DATABASE', 'USEAD', 'True', 'Use Active Directory', 'description', 'STRING', NULL, 1, 1, '11111111-1111-1111-1111-111111111111', '2012-01-19 15:25:30.627', '11111111-1111-1111-1111-111111111111', '2012-01-19 15:25:30.627');
Creating Active Directory Groups
Act! will make use of Active Directory groups to authenticate users, so you must have access to modify these. The name of the group determines the access that the Active Directory user has to Act! databases. If you want an Active Directory user to have permission to an Act! database on the network create a group that they are part of using the rules below.
The group name is broken up this way:
IMPORTANT: The highlighted bit flags grant permissions that are not currently available for use as Active Directory integration does not provide support for the Act! API or any features of the API. These permissions MAY become usable in the future.
Below are three user examples as a guide:
Product Details:
Product Family: Act!
Version: v21.1 and above
DISCLAIMER: This article is for information purposes only, Swiftpage DO NOT provide technical support for third party applications such as Active Directory.
Answer:
Act! v21.1 includes support for managing Act! users and login authentication using Active Directory. This is targeted for large user deployments who have an IT infrastructure capable of managing these roles.
IMPORTANT: Active Directory integration is only available for Windows client deployments, and does not provide support for the Act! API or any features of the API.
Benefits:
- Centralizes the Act! user management under Act! directory profiles.
- Provides single sign-on access to Act! based on the users Windows login.
- Supports multiple Act! databases, stored on any machine.
- Suited to larger Act! deployments, and useful where there is a high turnover of users.
- No more login issues due to bad credentials or forgotten Act! passwords.
Considerations:
- Requires an in-house resource who can assume responsibility of managing the Active Directory profiles.
- Swiftpage do not support the creation or configuration of these profiles under Active Directory.
- Only supports Windows/desktop client deployments. Web client access to Act! is not supported.
- The Act! API is not supported. This limits in-product functionality and integrations in the following areas:
- Act! Marketing Automation can not be used.
- Act! Companion can not be used.
- Act! Premium Contact Link can not be used.
- Act! Connect Link can not be used.
- Act! Insight view will not function.
- Pipeline views within Opportunities will not function.
- Connections to the API can not be made for 3rd party integrations (e.g. Zapier, eCommerce modules or custom developments).
Amending Act! User Names and Passwords
Before proceeding with the instructions below, the user names in Act! should be amended so that they match the Active Directory user names that will be logging in, and the passwords for the Act! users must be removed. This must be done if you wish to keep the existing Act! users that you have. For information on creating and managing users in Act!, please see the article below:
How to create and manage database Users in Act!
A database flag must be set to indicate that user authentication is to be handed by Active Directory. This can be done by adding a record in CTL_DBCONFIG “USEAD” and setting it to “True”.
A sample query for this is below:
insert into CTL_DBCONFIG (DBCONFIGID, SECTION, NAME, CONFIGVALUE, DISPLAYNAME, DESCRIPTION, VALUETYPE, VALIDATION, ISREQUIRED, ISCOPIED, CREATEUSERID, CREATEDATE, EDITUSERID, EDITDATE)
values (NEWID(), 'DATABASE', 'USEAD', 'True', 'Use Active Directory', 'description', 'STRING', NULL, 1, 1, '11111111-1111-1111-1111-111111111111', '2012-01-19 15:25:30.627', '11111111-1111-1111-1111-111111111111', '2012-01-19 15:25:30.627');
Creating Active Directory Groups
Act! will make use of Active Directory groups to authenticate users, so you must have access to modify these. The name of the group determines the access that the Active Directory user has to Act! databases. If you want an Active Directory user to have permission to an Act! database on the network create a group that they are part of using the rules below.
The group name is broken up this way:
- “ACT.”: This indicates to Act! that it is a relevant group to look at.
- “{Machine Name}”: This indicates the machine name that the database host is on, exactly like what is in a .pad file.
- “{Database Name}”: This indicates the database name that the Active Directory user has access to.
- “{Role}”: This indicates the role that the Active Directory user has in this database. Options are: “Administrator” “Manager” “Standard” “Restricted” “Browse”
- “{permissions}”: This is an optional setting, which indicates the customizable permissions that the role has. This only applies to Manager and Standard user roles, as the others have no customizable permissions. These permissions are set using bit flags for each permission. See the chart below for each bit flag. To calculate the required bit flag, take the sum of all of the permissions you would like the user to have and put that number in this location. If a Standard or Manager role is indicated and this space is left blank it will use the default permissions as seen in Manage Users on a normal database.
IMPORTANT: The highlighted bit flags grant permissions that are not currently available for use as Active Directory integration does not provide support for the Act! API or any features of the API. These permissions MAY become usable in the future.
Web API AMA Admin AMA Assets AMA Campaign Dashboard AMA Campaigns AMA Integration Data AMA Landing Page Results AMA Landing Pages AMA Templates AMA Web Activity Contact Link Auto-Attach Remote Administration Export to Excel Accounting Link Tasks Delete Records Emarketing Administration Emarketing Send Emarketing Lead Capture Handheld Device Sync Manage Sync Subscription List |
Act_API = 1, AMA_Administration = 2, AMA_Assets = 4, AMA_CampaignDashboards = 8, AMA_Campaigns = 16, AMA_IntegrationData = 32, AMA_LandingPageResults = 64, AMA_LandingPages = 128, AMA_Templates = 256, AMA_WebActivity = 512, Communications_AutoAttach_Emails = 1024, Database_ManageRemoteDatabases = 2048, DataExchange_ExportToExcel_ListViewsOnly = 4096, DataExchange_UseBackOfficeLinks = 8192, deleteRecords = 16384, Emarketing_Administration = 32768, Emarketing_SendCampaign = 131072, Emarketing_WebToLead = 262144, Synchronisation_HandheldDevices = 524288, Synchronization_ManageSubscriptionList = 1048576 |
Below are three user examples as a guide:
- Group1: ACT.ABC-1001282.testDB.Administrator – This user is an administrator in database named “testDB” on machine “ABC-1001282”.
- Group2: ACT.ABC-1001282.testDB3.Standard.18432 – This user is a standard user on database named “testDB3” with these permissions: Remote Administration and Delete Records.
- Group3: ACT.ABC-1001275.testDB1.Standard – this user is a standard user on database “testDB1” on a different machine with the default permissions: Export to Excel, Delete Records, Manage Sync Subscription List.