Hi,

(1) It's certainly possible to do that. Just override the login code and implement a call to AD to validate the username/password. You can even implement is as a single sign-on.

Don't worry about the password in OutSystems.Just leave it blank because you'll validate against AD. Saving the AD password in outsystems is not an options as you probably won't be able to decrypt it (I suppose AD uses a one-way encryption). Filling in a password in the OutSystems user table is also a security risk should your AD fail at some point. Then people would be able to get in and that's not what you want. Somebody with DB access could even grant himself access.

So just create OutSystems users - can be done directly via the database at first login time or via a sync procedure between your AD and OutSystems in order to create new users automatically - with an empty password

(2). If you have tha information available in your AD, I suppose you'll be able to retrieve it.

Hi Johnson,

(1) The Users' application already implements Integrated Authentication on its User_Login (that your application is likely already using), and behaves like you described (checks OutSystems credentials first, if there's no match check against Windows/AD... and if successful, creates a local "shallow" User record with the username but no password - you want to continue going through AD for authentication).

(2) Is most certainly possible, the Authentication extension module (part of the platform) already has:

• the ActiveDirectory_GetAccountDetails action that provides access to Name, Email Address, Phone Number and whether the user is active or not.
• the ActiveDirectory_GetAccountGroups action that returns a list of Groups.

And you can further explore the Active Directory forge component, that has quite an extensive list of available actions

Thanks Jorge and Kurt

Hi Jorge and Kurt,

I try to set up the Ad information as screen below but then i have below error.What should i do actually?

1.Does the domain user name and password is mandatory?Previously when we deal with Visual Studio there is not required.Perhaps they are the same Microsoft product.

2.For the domain, i just key in the server name such as "ADServer.com".Is there any extra text i need to put in?

Hi Johnson,

Looks like you have outdated dependencies somewhere?... make sure you're using the correct versions of CryptoAPI and ActiveDirectory components.

Jorge, I try to recompile and it is working.But then i hits below error(Screen 1).I have already key in the domain user and password which is of mine normal user account.

I try to debug but the the most debug point(screen 2) i can reach is AD_UserSearch2 which is from ActiveDirectoryCore module.Then i was prompted with screen below with error "The supplied arguments cannot be null."(screen 3). How to reach to debug further details for action AD_UserSearch  in ActiveDirectoryCore to find out the root cause?

                                                                      Screen 2

                                                                     Screen 3

Can anyone help?

Johnson, before dealing with installing/updating Applications, I suggest you open the Users Application and check how the User_Login Action is implemented. In order to view its contents:

• Open a responsive module of any Web Application
• Select the Interface tab
• Expand the UI Flows folder
• Right click on the Users dependency
• Select "Open 'Users' eSpace".
• You will be asked "Do you want to open a clone of the module?". Select "Open a clone".
• On the CloneOfUsers module, switch to the Logic tab
• Double-click on the User_Login server action

If you want to download/install/update an application, in Service Studio, go to the Environment tab and press "Install Application":

You will notice Service Studio switches to the first (black) tab, labeled "outsystems". Login using your OutSystems Community username/password and choose the application you want to install. For CryptoAPI, for instance, you can search for "crypto" and select the CryptoAPI application from the list and install/update it if needed.

Dears,
        I have an application which use active directory and outsystems users, and they are both inserted in the Users Outsystems table.

now I'm having Issue that If I logged in form the Admin(ActiveDirectory) Login Page using a public user, the user passes the login function but raise "no permission exception". 

The question here is how to differ between the active directory users and regular OutSystems Users while they are running on the same tenant and the same Users Entity.

Thanks in advance, 

Best Regards
Mohamed AlMokadem

The idea is you don't distinguish... but when you pass the login function you need to make sure the users from AD users have OutSystems roles assigned (typically you'd do this everytime a user logins if your roles somehow come from the AD as well, or manually add the roles to those users throught the OutSystems Users application)

Hi Mohamed ElMokadem,

Mind to share your code?  

Hi Saswata,

Sorry if it feels like I'm stalking, but reviving two old threads with generic questions is really against the Community etiquette. 

If you have one problem, create one thread. Don't post the same issue to multiple Community threads. I know this feels like "various threads means more people can help me", but this will often be perceived a lack of respect for the time of the people who contribute voluntarily to the Community. 

Joao