You can simply connect your corporate directory to Iterop to centralize the management of your users: Synchronize Iterop users and groups to mirror those in your directory. Allow your users to authenticate through the corporate directory to have the same password as the rest of your business applications. Tab: Administration Rights: Administrators: Consultation, Creation and Modification
Iterop offers by default an authentication method for users with a secure backup of passwords for the application. If you already have a user directory in your information system, you can connect it directly to Iterop by default.
There are four possibilities to adapt to your needs and the system in place:
- Internal
- CAS
- LDAP
- Active Directory
If none of the 4 alternatives speak to you, keep the default configuration. If not, here is a comparative table of these methods:
| Internal | CAS | LDAP | Active Directory | |
| No additional configuration | ✅ | – | – | – |
| Reediting the password | ✅ | – | – | – |
| Centralized management of identifiers on your IS | – | ✅ | ✅ | ✅ |
| Possible synchronization with Iterop | NA | – | ✅ | ✅ |
| Single sign-on (SSO) | – | ✅ | – | – |
Setting up external authentication
To set up external authentication :
- Click on the Administration tab 1️⃣ in Design then in the section “Choose authentication type“, select “Change method” 2️⃣
- You then arrive in the choice of the method where you have the possibility to choose among the 4 methods presented below :
- Internal
- CAS
- LDAP
- Active Directory
Each authentication method involves different parameters displayed in the “Settings” area.
| Internal | CAS | LDAP | Active Directory | |
| server URL | – | ✅ | ✅ | ✅ |
| Login access | – | – | ✅ | ✅ |
| Access password | – | – | ✅ | ✅ |
| Search base¹ | – | – | ✅ | ✅ |
| Attribute for the login² | – | – | – | ✅ |
1 Point in the directory tree where your users/groups are stored. These can be located at any depth from this point.
For example, in the case of a connection to an Active Directory, the interface will be as follows:
The various expected parameters are present.
Once the window is validated with the “OK” button, the new configuration is effective.
However, your session remains active. It is therefore strongly advised try to connect from another browser or by using the private browsing mode to validate the new configuration before logging out of your session. Only the Iterop support team will be able to intervene if your configuration does not allow you to connect anymore.
Synchronize your users / groups on Iterop
It is possible to synchronize your Iterop users and groups to match those in your corporate directory.
To do this, just click on the “Synchronization” button in the main window. The synchronization will then be done every night and will take into account the whole hierarchy (including child nodes) from the search base.
It is then possible to add two options:
- Delete old data : removes from Iterop users (and groups if any) no longer listed in the directory. This does not concern the application administrators in order to avoid any blocking of the application.
- Synchronize groups : synchronizes groups (in addition to users) and group memberships, including nested groups
