Limitations - LDAP and Windows Integrated Authentication

System Administrator Help

LDAP Integrated Authentication

When the LDAP integrated authentication is enabled, mapped users can select Active Directory in the Authentication field of the Security Logon window. New authentication processing occurs so that they can log on to the NextGen Healthcare applications by entering the same domain, user name, and password credentials they use to log onto the network. The credentials are then authenticated through Active Directory. Note: Alternatively, the users can select NextGen Database in the Authentication field and use their existing NextGen® Enterprise user name and password to log on. How logging on changes with Active Directory integrated authentication When Active Directory integrated authentication is turned on, the Authentication field appears on the Security Logon window. The field displays for all users regardless of whether they are mapped to an Active Directory account. If the user selects Active Directory, the Domain field appears. To log on, the user must enter the user name, password, an

System Administrator Help

Set Up Integrated Authentication

You perform all integrated authentication setup in System Administrator. Setup is a three-step process. Turn on LDAP mapping. The setting enables the Map LDAP User button on the user under General tab. Map each NextGen application user to a user name in Active Directory. You can map them individually or in bulk. If necessary, you can provide proxy access for mapped users. Activate Integrated Authentication In System Administrator you can turn on LDAP and Windows integrated authentication. Map a User for LDAP Integrated Authentication Map Multiple Users for LDAP Integrated Authentication Set Up LDAP Integration Proxy Access Restrict Access to Windows Integrated Authentication Parent topic: LDAP and Windows Integrated Authentication

System Administrator Help

LDAP and Windows Integrated Authentication

The NextGen Healthcare applications support the use of Lightweight Directory Access Protocol (LDAP) authentication and Windows integrated authentication for user logon. The authentication eases administration access and allows single sign-on through directory-integrated authentication. With both kinds of authentication: The LDAP user mapping options in System Administrator become available, which enable you to map NextGen Healthcare users to Active Directory users. You can map users one at a time or in bulk. You can set account access to a proxy server for all mapped users. Note: The NextGen Healthcare applications still track user changes to data, such as for significant events, by their NextGen user ID. LDAP Integrated Authentication Limitations - LDAP and Windows Integrated Authentication Set Up Integrated Authentication Parent topic: Users

System Administrator Help

Map a User for LDAP Integrated Authentication

By mapping individual users to users in the Active Directory, you enable them to use LDAP authentication. To map a user, in System Administrator main window, select the user. On the External tab, select Map LDAP User. The Add External LDAP User window appears. Under LDAP User Search Options, the Domain search field defaults to the name of the domain currently logged into, and the First Name and Last Name fields default to the first and last names of the selected NextGen Healthcare user. If you need to find a different user, enter the search criteria in the LDAP User Search Options, and then select Search. The matching results display. Select the username row, and then select OK. The user's LDAP domain and username display on the External tab. Parent topic: Set Up Integrated Authentication

System Administrator Help

Restrict Access to Windows Integrated Authentication

You can define a specific group of computers on a network that can use Windows integrated authentication. Only computers in that domain security group will be allowed to use Windows integrated authentication. Users in other computer groups would have to log on as normal. Note: The defined computer group does not affect LDAP integrated authentication. In the System Administrator application, select View > Universal Preferences. Select General Options. In the Preference list, double-click Windows Integrated Authentication Computer Group, and then enter the name of the domain security group in the field. Select OK. Parent topic: Set Up Integrated Authentication

System Administrator Help

General Options Universal Preferences

Preference Description Add to Inclusion List from Patient Lookup Enables a provider to add patients to their Inclusion List from the Patient Lookup window. When this preference is set to True, patient names in the Patient Lookup window display with black text and the remaining names display with gray text. When this preference is set to False, only those names in the Inclusion List appear in the Patient Lookup window; therefore, the provider cannot add any new names to the Inclusion List. Note: The provider must have an Inclusion List already set up. Allow LDAP Integrated Authentication When set to True, this preference enables the LDAP integration features. The LDAP user mapping options become available in the System Administrator application > User settings > External tab. On the tab, the administrator searches the Active Directory system by domain, username, first name and last name and maps a directory user object to the selected NextGen Healthcare user account. This preference wil

Limitations - LDAP and Windows Integrated Authentication

Recommendations

LDAP Integrated Authentication

Set Up Integrated Authentication

LDAP and Windows Integrated Authentication

Map a User for LDAP Integrated Authentication

Restrict Access to Windows Integrated Authentication

General Options Universal Preferences

LDAP Integrated Authentication

Set Up Integrated Authentication

LDAP and Windows Integrated Authentication

Map a User for LDAP Integrated Authentication

Restrict Access to Windows Integrated Authentication

General Options Universal Preferences