Active Directory Connector
The AD connector enables read-only import of user information from Microsoft Active Directory (AD), Microsoft Entra ID and Konnekta.
Using the AD connector, the administrator can import users and groups from AD, Entra ID or Konnekta using the Select AD Users function in Totalview Admin.
IMPORTANT: Without selecting any AD Groups using the Select AD Users function in Totalview Admin, no users will be imported, regardless of connector configuration.
In the AD Connector configuration, the AD integration can be set up to import users automatically at specific times.
See Select Users for Synchronization for more details on how to get the import working.
The AD connector requires a valid license to be able to connect to the Totalview server.
The TotalviewADTester program can be used to test the settings to be used when reading user information from AD. The tester program is found in the <Totalview>\InstallFiles\AD folder.
AD Connector Parameters

| Parameter | Explanation |
|---|---|
| Type | Supported types are LDAP, Entra ID, and Konnekta. |
| LDAP address | When using LDAP. The path in Active Directory that should contain the AD Groups to use with AD synchronization. AD users do not need to belong to the path. Only the AD Groups matter. Examples of LDAP paths are listed below. |
| Username/Password | When using LDAP. In case the Windows user running the AD connector does not have read access to Active Directory, credentials for a Windows user with access can be added. Add Username and Password for a Windows user with access to Active Directory. The Username can be in the format `user@domain.com` or `domain\user`. When username/password are used, the authentication method used is Secure. |
| Tenant Id | When using Entra ID. Tenant Id for the Microsoft Azure App Registration. See Azure App Registration Requirements for Entra ID for more info. |
| Client ID | When using Entra ID. Client Id for the Microsoft Azure App Registration. |
| Client Secret | When using Entra ID. Client Secret for the Microsoft Azure App Registration. |
| Konnekta Provider | When using Konnekta. Select existing Konnekta connector to use. |
| Users filter group | DEPRECATED PROPERTY. Instead of this property, use the “Select AD Users” functionality in Users tab in Totalview Admin. Optional LDAP path to AD Group in Active Directory that limits the import to only take users from the specified group. Only users in the group are imported. If the path is left blank, all users in the LDAP address path are synchronized for the groups selected for synchronization. It’s required that the Users filter group path is within the LDAP address path. |
| Ignore paths | Optional. Path to filter out users or groups with an ending path equal to the specified path. In LDAP, path to filter out users with an ending path equal to the specified path, e.g. filter out all users with ending path “ou=Users,dc=Contoso,dc=Com”. In Entra ID, path to filter out users or groups by Object Id. In Konnekta, search filter to filter out users or groups by Group Name or User Id. Multiple paths to ignore can be separated by ;. |
| Device length | Part of the WORK number to be used as local device number in case of fully qualified WORK numbers. E.g. if WORK number is registered as (+45)34123400 then a Device length of 4 will result in a local device number of 3400. If Device length is 0, no changes are made to the WORK number. Not used in Konnekta. |
| Trim numbers | Remove blanks from phone numbers when importing. Not used in Konnekta. |
| Remove parentheses | Remove parentheses from phone numbers when importing. Not used in Konnekta. |
| Include security groups | Include AD or Entra ID security groups in the search result. Default is false. Not used in Konnekta. |
| Ignore child groups | Only synchronize users in the selected LDAP path and ignore any child groups. Multiple groups can be separated by ;. Not used in Konnekta. |
| Mapping parameters | If required, the default mapping between Totalview fields and AD/Entra ID/Konnekta properties can be changed. Change the default mapping by adding a new mapping for the Totalview field. More than one AD/Entra ID/Konnekta property can be mapped to the same Totalview field. Separate the AD/Entra ID/Konnekta property value with comma (,) or semicolon (;) to be able to create more than one Totalview field. E.g. register two mobile numbers separated by comma to have two Totalview contact items of type Mobile created for the user. The Totalview fields that start with CF: are Custom fields. When mapping to custom fields with predefined values, the values must be defined in the list before they can be synchronized. Supported and default mappings for each type are listed here: |
Examples of LDAP paths
Tip: It is enough that the LDAP path points to the OU (Organizational Unit) where the AD Groups are located. Where the AD Users are located is not important, as long as the connecting user has proper access.
| Path | Description |
|---|---|
| `<Empty>` | Group search will be performed across the entire local AD |
| LDAP://contoso.com | Group search will be performed on the entire contoso.com AD |
| LDAP://ADservername or IP | Group search will be performed on the entire AD |
| LDAP://OU=TVUsers,DC=contoso,DC=com | Group search will be limited to TVUsers Organizational Unit |
| LDAP://IP/OU=TVUsers,DC=contoso,DC=com | Group search will be limited to TVUsers Organizational Unit in the specified AD server |
Active directory sync settings

| Parameter | Explanation |
|---|---|
| Sync daily | Activate daily automatic synchronization of users. When activated the synchronization will be performed once a day at the time specified in Sync every day at. The synchronization will read from the configured directory type and update users in Totalview accordingly. |
| Clear resource details | If set, all the non-private contact information is cleared when a user is synchronized. If not set, contact information is merged. |
| Sync every day at | Time of day, in HH:mm format, when to run the automatic synchronization. |
| Sync images from AD | When enabled, users’ profile images are synchronized from Active Directory. When disabled, users can upload their own images through the client. |
Azure App Registration Requirements for Entra ID
When using Entra ID, an Azure App Registration is required with Tenant ID, Client ID, and Client Secret specified in configuration.
In addition, it is required that the following API permissions are added:
- User.Read.All
- Group.Read.All
- GroupMember.Read.All
- Admin Consent Granted
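
The following Python check is an added example, not part of Totalview or its documentation: it inspects an access token issued to the app registration and reports which of the three permissions above are missing and which granted permissions exceed what a read-only import needs. It assumes the connector authenticates app-only with Client ID and Client Secret, so granted permissions appear in the token's `roles` claim; the function names and the sample tokens are constructed for illustration.

```python
import base64
import json

# The three Microsoft Graph permissions this page lists for the AD connector.
REQUIRED = frozenset({"User.Read.All", "Group.Read.All", "GroupMember.Read.All"})


def jwt_claims(token: str) -> dict:
    """Decode the payload of a JWT for inspection only (signature NOT verified)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def audit_roles(token: str, expected_tenant: str) -> dict:
    """Compare the token's app roles with the permission set from the page."""
    claims = jwt_claims(token)
    roles = set(claims.get("roles", []))  # absent when consent was never granted
    return {
        "tenant_ok": claims.get("tid") == expected_tenant,
        "missing": sorted(REQUIRED - roles),
        "excess": sorted(roles - REQUIRED),  # anything here exceeds read-only import
    }


def _constructed_token(claims: dict) -> str:
    """Build an unsigned sample token; constructed test data, not a real token."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}.sig"


TENANT = "00000000-0000-0000-0000-000000000000"  # placeholder tenant id
OK_TOKEN = _constructed_token({"tid": TENANT, "roles": sorted(REQUIRED)})
WIDE_TOKEN = _constructed_token(
    {"tid": TENANT, "roles": ["User.Read.All", "Group.Read.All", "Directory.ReadWrite.All"]}
)

if __name__ == "__main__":
    for name, tok in (("ok", OK_TOKEN), ("wide", WIDE_TOKEN)):
        print(name, audit_roles(tok, TENANT))
```

A non-empty `excess` list means the registration holds more than the connector needs and should be trimmed; a non-empty `missing` list usually means a permission was added without admin consent.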
Steps to Migrate from LDAP to Entra ID
Use the following guide when changing from LDAP to Entra ID:
1. Back up the Totalview database.
2. Log in to Admin and take screenshots of all AD Groups’ configurations. These must be manually corrected later.
3. Note down the number of active and inactive users.
4. Change the existing AD Connector to type Entra ID. Configure authentication parameters.
5. In Admin, select “Select AD Groups” and add the same groups to be synchronized as before.
6. Verify that the number of active and inactive users is unchanged from step 3).
7. Save changes.
8. Adjust AD group configuration based on the screenshots in step 2).
