About Active Directory Authentication

Active Directory is Microsoft's LDAP directory service for Windows domain networks. It is included with most versions of Microsoft Windows Server. The Active Directory domain controller performs many functions, such as authenticating and authorizing all users and computers in a Windows domain type network. However, Vocera uses Active Directory only to authenticate users using the central Active Directory database.

Active Directory is not used for authorization of Vocera users. Authorization of Vocera users is handled by Vocera permission groups.

If you configure the Vocera Voice Server to use Active Directory authentication, users can log into Vocera Voice clients (such as the Administration Console or Staff Assignment) with their current network credentials. All user passwords reside in Active Directory rather than in the Vocera Voice Server database, simplifying administration.

You must configure both the Vocera Voice Server and the Active Directory server for Active Directory authentication to work correctly. Depending on how your Vocera user accounts have been set up, you may need to map an Active Directory login attribute to use for authentication. This login attribute binds the Active Directory credentials to a Vocera user account.

Preparing for Active Directory Authentication:

  1. Make sure your Active Directory server is the correct version.
  2. If SSL is enabled on Active Directory, obtain the SSL CA certificate from the Active Directory and copy it to the Vocera Voice Server machine.
  3. Make sure your Active Directory server has a service account with read access to the directory. Obtain the user ID of this account and the password.
  4. Identify the login map field, the Active Directory field that binds Active Directory credentials to a Vocera user account. You need this field name to configure Active Directory authentication in the Vocera Administration Console.

    See Login Map Field Requirements.

    Important: Make sure that all Vocera users have their Vocera user ID specified in the login map field. Otherwise, they won't be able to log into the Vocera Administration Console, User Console, or Staff Assignment clients.