Use Tricentis User Administration with Active Directory

Tricentis User Administration allows you to centrally manage users across multiple projects. This saves you time and effort as your testing projects scale.

To do so, you first need to create users in Tricentis User Administration. Administrators have multiple options for creating users; this topic explains how to create users by synchronizing with Active Directory. Synchronizing with Active Directory is a quick way to get a large number of testers into Tricentis User Administration.

What's in this topic?

This topic is for administrators. It has all the information you need to complete the following tasks: 

  • Open the connections overview, where you perform all Active Directory tasks.

  • Add a new Active Directory connection to Tricentis User Administration. You can create multiple connections, for instance if you have multiple domains.

  • Synchronize your Active Directory user groups. This brings your Active Directory user groups into Tricentis User Administration.

  • Edit connections, add or remove groups from connections, or delete connections altogether.

Tricentis User Administration is not an Active Directory management tool. Changes that you make in Active Directory transfer to Tricentis User Administration, but not the other way around.

Open the connections overview

The connections overview shows a list of all Active Directory connections to Tricentis User Administration.

To open the connections overview, access Tricentis User Administration and go to Connections.

Connections overview with two Active Directory connections

Add a new connection

To synchronize Active Directory with Tricentis User Administration, you must first create a connection between the two.

Prerequisites for secure connections

Tricentis Tosca offers secure LDAP connections over SSL (LDAPS). To use a secure connection, you must meet the following requirements:

  • You have an LDAPS server with a valid SSL certificate.

  • This certificate is considered trustworthy by the clients: the machine that holds Tricentis User Administration and any machine that tries to access Tosca Commander.

Create a new Active Directory connection

To add a new Active Directory connection, follow these steps: 

  1. Go to the connections overview and click Create new connection.

  2. In the subsequent dialog, enter the details of your connection:

    • Name: Enter a unique name for your connection.

    • Domain: Enter the domain name.

      If your LDAP host differs from the domain name, for instance because you use an alias, you can specify a different host in the settings. This allows you to target an LDAP server directly instead of using the domain name.

      To define a different host, open the appsettings.json file in C:\Program Files (x86)\TRICENTIS\Tosca Server\AuthenticationService. Then go to the ActiveDirectorySettings section and enter the desired LDAP host into the setting LdapHost.

    • Use SSL: Select the checkbox to enable a secure LDAP connection over SSL (LDAPS).

      Note: if you have multiple connections to the same domain, either all connections must use SSL or none. You can't have SSL enabled in one connection and disabled in another for the same domain.

    • Base Distinguished Name: By default, Tricentis User Administration checks the entire domain for users and groups. If you want to start the search from a different point in the hierarchy, enter a Base Distinguished Name.

Create a new Active Directory connection

  3. Click Create.
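A pre-check for the LDAPS prerequisites and the LdapHost setting described above, as an added example (not part of the Tricentis documentation or product): run it on each client machine to confirm that the server certificate chains to a root that machine trusts and matches the host name in use. The function name and the domain name are placeholders, and the script assumes that ActiveDirectorySettings is a top-level section of appsettings.json.

```powershell
# Added example, not Tricentis code. Validation uses the certificate store of the
# machine it runs on, so run it on every client that must trust the LDAPS server.
function Test-LdapsCertificate {
    param(
        [Parameter(Mandatory)] [string] $LdapHost,
        [int] $Port = 636,       # standard LDAPS port
        [int] $WarnDays = 30     # flag certificates that expire soon
    )
    $r = [ordered]@{ Host = $LdapHost; Trusted = $false; Subject = $null
                     NotAfter = $null; ExpiresSoon = $null; Error = $null }
    $tcp = [System.Net.Sockets.TcpClient]::new()
    try {
        $tcp.Connect($LdapHost, $Port)
        # No custom validation callback: SslStream applies its default checks
        # (chain to a trusted root, validity period, name match) and throws on
        # failure. This overload does not check certificate revocation.
        $ssl = [System.Net.Security.SslStream]::new($tcp.GetStream(), $false)
        $ssl.AuthenticateAsClient($LdapHost)
        $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($ssl.RemoteCertificate)
        $r.Trusted     = $true
        $r.Subject     = $cert.Subject
        $r.NotAfter    = $cert.NotAfter
        $r.ExpiresSoon = $cert.NotAfter -lt (Get-Date).AddDays($WarnDays)
    } catch {
        # Connection, handshake, or certificate validation failed
        $r.Error = $_.Exception.GetBaseException().Message
    } finally {
        $tcp.Close()
    }
    [pscustomobject]$r
}

# Hosts to test: the connection's domain name plus the LdapHost override, if set.
# Assumption: ActiveDirectorySettings is a top-level section of appsettings.json.
$settingsPath = 'C:\Program Files (x86)\TRICENTIS\Tosca Server\AuthenticationService\appsettings.json'
$hosts = @('corp.example.test')   # placeholder: replace with your domain name
if (Test-Path $settingsPath) {
    $cfg = Get-Content $settingsPath -Raw | ConvertFrom-Json
    $override = $cfg.ActiveDirectorySettings.LdapHost
    if ($override) { $hosts += $override }
}
$hosts | ForEach-Object { Test-LdapsCertificate -LdapHost $_ } | Format-Table -AutoSize
```

A row with Trusted set to False on one machine but True on another usually means the issuing CA is missing from the first machine's trusted root store.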

Synchronize Active Directory user groups with Tricentis User Administration

You have created an Active Directory connection to Tricentis User Administration. Now it's time to synchronize your Active Directory groups.

Keep in mind that Tricentis User Administration synchronizes groups, not users. This means:

  • You don't see Active Directory users in the users overview until they sign in for the first time.

  • As long as a user is part of an Active Directory group that's assigned to a project, they have access to this project, even if you remove the user from Tricentis User Administration.
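Because access follows Active Directory group membership, a tester keeps access for as long as they remain in a synchronized group. The following added example (not Tricentis code) lists which synchronized groups still contain a given account, directly or through nesting. The function name, account name, and group names are placeholders. Whether Tricentis User Administration honors nested membership is not stated on this page, so nested hits are marked for review.

```powershell
# Added example, not Tricentis code. Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

function Get-SyncedGroupAccess {
    param(
        [Parameter(Mandatory)] [string]   $SamAccountName,
        [Parameter(Mandatory)] [string[]] $SyncedGroups   # groups assigned to the connection
    )
    $user = Get-ADUser -Identity $SamAccountName -Properties MemberOf
    # Escape LDAP filter metacharacters in the DN (backslash first).
    $dn = $user.DistinguishedName -replace '\\', '\5c' -replace '\*', '\2a' `
                                  -replace '\(', '\28' -replace '\)', '\29'
    # LDAP_MATCHING_RULE_IN_CHAIN returns every group that contains the user,
    # directly or through nested groups. Primary-group membership is not stored
    # in the member attribute and is therefore not covered.
    $groups = Get-ADGroup -LDAPFilter "(member:1.2.840.113556.1.4.1941:=$dn)"
    foreach ($g in $groups) {
        if ($SyncedGroups -contains $g.Name) {
            [pscustomobject]@{
                User    = $user.SamAccountName
                Enabled = $user.Enabled
                Group   = $g.Name
                # False means the membership comes through a nested group
                Direct  = $user.MemberOf -contains $g.DistinguishedName
            }
        }
    }
}

# Placeholder account and group names.
Get-SyncedGroupAccess -SamAccountName 'jdoe' -SyncedGroups 'Tosca-Testers', 'Tosca-Leads'
```

An empty result means the account is no longer a member of any of the listed groups.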

To synchronize user groups, follow these steps: 

  1. Go to the connections overview and select the connection you want to synchronize.

  2. In the details view of the connection, click on Assign groups.

  3. In the subsequent Provide LDAP Credentials dialog, enter the following information:

    • Name: Enter your Lightweight Directory Access Protocol (LDAP) user name. This must be a valid LDAP name, not an email address.

    • Password: Enter the user password.

    • Filter: Optionally, add filter criteria to search for specific groups.

  4. Click Create.

  5. In the Select LDAP Group(s) dialog, select the groups that you want to synchronize under this connection and click Assign.

Select the Active Directory groups that you want to bring into Tricentis User Administration

  6. Click Save.

Edit connections

If important parameters of your Active Directory change, you can edit the connection in Tricentis User Administration, for instance if you want to switch to secure connections or change the domain.

To edit a connection, follow these steps:

  1. Go to the connections overview and select the connection that you want to edit.

  2. In the details view of the connection, perform one of the following actions:

    • Click into the name, domain, or Base Distinguished Name field to modify the respective information.

    • Select or clear the Use SSL checkbox to enable or disable a secure connection.

      Note: if you have multiple connections to the same domain, either all connections must use SSL or none. You can't have SSL enabled in one connection and disabled in another for the same domain.

Add or remove Active Directory groups

Over time, your testing needs can change. You may need to add additional groups of testers to existing Active Directory connections. Or you may want to remove groups from existing connections, because they should no longer have access.

Add groups

To add groups to an existing Active Directory connection, follow these steps:

  1. Go to the connections overview and select the connection to which you want to add groups.

  2. In the details view of the connection, click on Assign groups.

  3. In the subsequent Provide LDAP Credentials dialog, enter your credentials and click Create.

  4. In the Select LDAP Group(s) dialog, select the groups that you want to add and click Assign.

  5. Click Save.

Remove groups

To remove groups from an existing Active Directory connection, follow these steps:

  1. Go to the connections overview and select the connection from which you want to remove groups.

  2. In the details view of the connection, click on Assign groups.

  3. In the subsequent Provide LDAP Credentials dialog, enter your credentials and click Create.

  4. In the column on the right side of the Select LDAP Group(s) dialog, select the groups that you want to remove and click Remove.

  5. Click Save.

Delete connections

If you don't need a specific connection anymore, you can delete it. This deletes the connection and removes all user groups of this connection from Tricentis User Administration.

To delete a connection, follow the steps below:

  1. Go to the connections overview and select the connection that you want to delete.

  2. In the details view of the connection, click Delete.

What's next

Now that you have your Active Directory groups in Tricentis User Administration, you can assign them to a project, so your testers have access to this project. This is only necessary if you use Tricentis User Administration for authorization.

If you use Tricentis User Administration for authentication, you're good. Check the Tricentis Tosca setup guide. Maybe there's something else you still need to do?