Map Multiple Users for LDAP Integrated Authentication

System Administrator Help

Map a User for LDAP Integrated Authentication

By mapping individual users to users in the Active Directory, you enable them to use LDAP authentication. To map a user, in System Administrator main window, select the user. On the External tab, select Map LDAP User. The Add External LDAP User window appears. Under LDAP User Search Options, the Domain search field defaults to the name of the domain currently logged into, and the First Name and Last Name fields default to the first and last names of the selected NextGen Healthcare user. If you need to find a different user, enter the search criteria in the LDAP User Search Options, and then select Search. The matching results display. Select the username row, and then select OK. The user's LDAP domain and username display on the External tab. Parent topic: Set Up Integrated Authentication

System Administrator Help

Set Up LDAP Integration Proxy Access

If your network is controlled by a proxy server, users mapped for LDAP integrated authentication need access to successfully log on. The proxy account works for all users mapped for LDAP integrated authentication regardless of whether they were mapped individually or in bulk. Select View > LDAP Integration Setup. The LDAP Integration Setup window appears. Select the domain. Under Proxy Account Setup, select Edit. The Username and Password fields become available. Enter the proxy account user name and password, and then select Update. If you need to set up the proxy account for another domain, select a different domain, and then repeat the previous steps. Select OK. Parent topic: Set Up Integrated Authentication

System Administrator Help

Activate Integrated Authentication

To turn on LDAP and Windows integrated authentication, in System Administrator > Universal Preferences, select General Options. Set the Allow LDAP Integrated Authentication preference to True. The LDAP user mapping options become available in the External tab of User settings in System Administrator. If you want to activate Windows integrated authentication, set the Allow Windows Integrated Authentication preference to True. Note: You must also set the LDAP universal preference to True in the previous step. Parent topic: Set Up Integrated Authentication

System Administrator Help

Restrict Access to Windows Integrated Authentication

You can define a specific group of computers on a network that can use Windows integrated authentication. Only computers in that domain security group will be allowed to use Windows integrated authentication. Users in other computer groups would have to log on as normal. Note: The defined computer group does not affect LDAP integrated authentication. In the System Administrator application, select View > Universal Preferences. Select General Options. In the Preference list, double-click Windows Integrated Authentication Computer Group, and then enter the name of the domain security group in the field. Select OK. Parent topic: Set Up Integrated Authentication

System Administrator Help

Set Up Integrated Authentication

You perform all integrated authentication setup in System Administrator. Setup is a three-step process. Turn on LDAP mapping. The setting enables the Map LDAP User button on the user under General tab. Map each NextGen application user to a user name in Active Directory. You can map them individually or in bulk. If necessary, you can provide proxy access for mapped users. Activate Integrated Authentication In System Administrator you can turn on LDAP and Windows integrated authentication. Map a User for LDAP Integrated Authentication Map Multiple Users for LDAP Integrated Authentication Set Up LDAP Integration Proxy Access Restrict Access to Windows Integrated Authentication Parent topic: LDAP and Windows Integrated Authentication

System Administrator Help

LDAP Integrated Authentication

When the LDAP integrated authentication is enabled, mapped users can select Active Directory in the Authentication field of the Security Logon window. New authentication processing occurs so that they can log on to the NextGen Healthcare applications by entering the same domain, user name, and password credentials they use to log onto the network. The credentials are then authenticated through Active Directory. Note: Alternatively, the users can select NextGen Database in the Authentication field and use their existing NextGen® Enterprise user name and password to log on. How logging on changes with Active Directory integrated authentication When Active Directory integrated authentication is turned on, the Authentication field appears on the Security Logon window. The field displays for all users regardless of whether they are mapped to an Active Directory account. If the user selects Active Directory, the Domain field appears. To log on, the user must enter the user name, password, an

Map Multiple Users for LDAP Integrated Authentication

Recommendations

Map a User for LDAP Integrated Authentication

Set Up LDAP Integration Proxy Access

Activate Integrated Authentication

Restrict Access to Windows Integrated Authentication

Set Up Integrated Authentication

LDAP Integrated Authentication

Map a User for LDAP Integrated Authentication

Set Up LDAP Integration Proxy Access

Activate Integrated Authentication

Restrict Access to Windows Integrated Authentication

Set Up Integrated Authentication

LDAP Integrated Authentication