TaskControl supports Windows Authentication by Microsoft using MS Active Directory resources.
Information passed from MS AD
Information received from the website TaskControl instance is limited to user logon name, name, surname and email address.
A user opening TaskControl website instance is authenticated by internet browsers from Windows interactive logon process. This is single-sign on approach.
TaskControl receives information and can proceed with authorization process providing a role to the user. The user is further receiving initial page with data depending on the role if any is found.
A user with no role recieves a default message about rejection and he/she needs to ask Manager role to create a user.
User registration to TaskControl
Option A – Access denied approach:
If a user with no role to TaskControl opens the website and is authenticated, an Access Denied page is displayed yet the user is registered automatically to TaskControl with his/her AD user logon, name, surname and email address.
A person in Manager role can find the new user registration in the Users view and assign Role and update all necessary information and assign necessary Roles.
The user now registered will have access to TaskControl instance closing and opening web browser.
Option B – Proper registration:
Before the user opens TaskControl for the first time with no role (Access denied approach) it is possible to create full registration of the user.
The user can be created manually using Domain\UserLogon form as Unique ID.
Bulk operations allow to export necessary data for multiple users. Bulk insertion is described here.
The registration of the user in TaskControl uses user logon as a unique and primary key that identifies the user. All the other fields (Name, Surname, Email, Mobile Phone, Team) are not used for autentication and serve as display or notification information used by TaskControl functionality only.
Once user is registered with unique Domain\UserLogon, he/she is authenticated and roles assigned the first time opening TaskControl website.
ObjectID (logon) cannot be duplicated in Users table.