Josh Clark is a software engineer and a member of the Professional Services team tasked with training, deployment and managing customer system integrations. He has extensive experience integrating HighGear with Active Directory.
Active Directory, in addition to all the other things it can do, is primarily used as the authoritative source for an organization’s network logins. HighGear, like Active Directory, contains a list of accounts with specific permissions and logins for each user. HighGear has the ability to directly integrate with Active Directory for user logins straight out of the box. However, HighGear does not update any information on the user’s contact record or create new contacts. For a fully automated sync, our ProServ team has developed custom integration code that works extremely well.
Why would you need a fully automated sync between Active Directory and HighGear?
Well, this removes the need for manual contact creation and updates in HighGear – enter in Active Directory and the sync replicates them in HighGear, saving time, money and the avoidance of errors. Typically, when a new employee is hired, an Active Directory account is immediately created for them and it this gives them access to their computer and the organization’s network. Where the organization is also using HighGear, then HighGear also needs a record of the employee created too. A further complication is that while IT typically manages Active Directory, HighGear may be managed elsewhere in the organization. Automatically synching removes the need for manual re-entry and inter-departmental communications.
What other reason are there for a fully automated sync between Active Directory and HighGear?
An automated sync between the two systems also ensures that all employees in Active Directory have an updated contact record in HighGear (as we’ve seen above). This means the employee’s name, email address and username are always in sync between the two systems. However, it is also possible to sync more than just these basic employee attributes, for instance, employee department or title. In addition, it is possible to sync other Active Directory attributes, such as an employee id. When a change occurs in Active Directory, the custom code will automatically update HighGear.
How is this accomplished?
Through custom integration code, developed by HighGear’s Professional Services team, using both Active Directory and HighGear’s web service API. The custom code, located on the HighGear web server, runs throughout the day, syncing the two systems. The sync will add new users to HighGear, update existing users, and remove any users that no longer exist (enhancing security even further). The custom code always recognizes Active Directory as the authoritative source, which means that user accounts in Active Directory are never modified by HighGear. The users retrieved from Active Directory are usually filtered to specific departments that use HighGear and this allows only for those specific department users’ information to be synchronized. If something does go wrong during the sync, HighGear administrators are immediately notified by the system.
What advantage does a sync with Active Directory provide?
- A sync between the two systems has the primary benefit of only requiring a change in one authoritative source (in this case, Active Directory).
- It removes the need for duplicate work, and ensures that no information falls through the cracks.
- Access security is enhanced because as users are removed in Active Directory, so they are removed in HighGear.
- Removing the need for manual creation of HighGear records removes the scope for the introduction of human error.