How does Software Integration work with Active Directory?
Often when a healthcare provider requests a demonstration from us, we are one of many software vendors they are currently evaluating. It's understandable that when you're looking for policy management software, or a web application, to integrate into your existing enterprise infrastructure, you want the set-up to be painless. This is why a thorough evaluation of vendors is so important. If the computers that your company uses run Windows, then chances are you're using Active Directory as a place to store information about your employees. This might mean we turn out to have the perfect software to suit your needs, or it may mean we need to point you to another vendor.
How Does Active Directory Integration Work?
When a user logs in to a software or web application, the username and password are verified against your existing infrastructure to ensure that the credentials of that specific user are valid. If the credentials are invalid, the user is not allowed into the application. Once a user has entered valid credentials, the application will request a set of fields, which vary from provider to provider, from your Active Directory infrastructure (for our software we only request first name, last name, email and sAMAccountName). Once your Active Directory infrastructure returns the set of information about the user, the application will create or update the user's application account to ensure that all vital information is kept in sync. It should be noted that few applications refresh the fields pulled from Active Directory automatically; typically the user has to log in, or an admin has to manually run a synchronization from inside the application.
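The request-and-sync step described above, sketched as an added example (not PolicyMedical's code). It assumes the four fields map to the standard Active Directory attributes givenName, sn, mail and sAMAccountName; the function names and the in-memory account store are hypothetical.

```python
# Added example: function names and the account store are hypothetical.
# Only these four attributes are requested, so nothing else leaves the directory.
REQUESTED_ATTRS = ("givenName", "sn", "mail", "sAMAccountName")
FIELD_MAP = {"first_name": "givenName", "last_name": "sn", "email": "mail"}

# RFC 4515 characters that must be escaped inside a search filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def escape_filter_value(value: str) -> str:
    """Escape the typed username so it cannot alter the LDAP search filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def build_user_search(username: str) -> dict:
    """Search request for one user, limited to the four requested fields."""
    safe = escape_filter_value(username)
    return {
        "filter": f"(&(objectClass=user)(sAMAccountName={safe}))",
        "attributes": list(REQUESTED_ATTRS),
    }

def first(entry: dict, attr: str) -> str:
    """LDAP attributes are multi-valued and their names are case-insensitive."""
    for key, values in entry.items():
        if key.lower() == attr.lower() and values:
            return values[0]
    return ""

def sync_account(entry: dict, accounts: dict) -> str:
    """Create or update the application account from a directory entry.

    Returns 'created', 'updated' or 'unchanged'.
    """
    key = first(entry, "sAMAccountName").lower()
    if not key:
        raise ValueError("directory entry has no sAMAccountName")
    # Copy only the mapped fields; extra attributes in the entry are ignored.
    profile = {field: first(entry, attr) for field, attr in FIELD_MAP.items()}
    if key not in accounts:
        status = "created"
    else:
        status = "unchanged" if accounts[key] == profile else "updated"
    accounts[key] = profile
    return status

# Constructed sample entry, shaped like one result of the search above.
SAMPLE_ENTRY = {
    "givenName": ["Jane"], "sn": ["Doe"], "mail": ["jdoe@example.org"],
    "sAMAccountName": ["jdoe"], "memberOf": ["CN=Nurses,DC=example,DC=org"],
}
```

The search request dictionary would be handed to whichever LDAP client library the application uses, after the user's credentials have been verified.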
How Does One Set-Up Active Directory Integration?
Active Directory integrations rely on three major parts: a client's LDAP server, a provider's LDAP/SSO server, and a secure Virtual Private Network (VPN) tunnel. A client LDAP server is located inside your existing infrastructure and is the base requirement for Active Directory integration (as seen above). A provider's LDAP/SSO server is the server that all LDAP requests will come from when authenticating users or synchronizing information between Active Directory and the provider's application. For security and networking reasons we do not want the communication between the client and the provider to be over the open internet, which is where a VPN tunnel comes in. A VPN tunnel builds a direct connection between the client LDAP server and the provider's LDAP/SSO server, making the servers think that they are sitting right beside each other, inside the same network. All of our VPN tunnels utilize U.S. DOD grade security with AES 128-bit encryption, SHA-1 hashing and Diffie-Hellman Group 2.
We here at PolicyMedical have spent countless hours working with IT and Networking teams from Hospitals and Health Systems across the United States and Canada, ensuring stable and ever-improving Active Directory functionality within the PolicyManager suite of products. The aim is that this functionality is apt for your healthcare organization's needs, but it can't possibly be perfect for everyone.
Send me an email at wesley@policymedical.com, and I'll be happy to provide you with our LDAP documentation to help educate you further. Alternatively, if you have a general question, please contact us.