Plataforma de Marketing integration with Windows Active Directory provides the features described in this section.
IBM® EMM applications query the
Plataforma de Marketing for user authorization information. When Active Directory server integration is implemented and Windows integrated login is enabled, users are authenticated to all
IBM® EMM applications when they log in to the corporate network, and no password is required to log in to
IBM® EMM applications. User authentication is based on their Windows login, bypassing the applications’ login screens.
Only three special characters are allowed in login names: dot (.), underscore ( _ ), and hyphen (-). If any other special characters (including spaces) are present in the login name of a user you plan to import into the Plataforma de Marketing from your Active Directory server, you must change the login name so that the user does not encounter issues when logging out or performing administrative tasks (if the user has administration privileges).
When Windows integrated login is enabled, all users are created and maintained in the Active Directory server. (You do not have the option of creating some users in the Plataforma de Marketing, which are known as internal users in this guide). If you require the ability to create internal users, do not enable Windows integrated login.
When integration is configured, you cannot add, modify, or delete the imported user accounts in the Plataforma de Marketing. You must perform these management tasks on the LDAP side, and your changes will be imported when synchronization occurs. If you modify imported user accounts in the
Plataforma de Marketing, users may encounter problems with authentication.
Any user accounts you delete on the LDAP side are not deleted from the Plataforma de Marketing. You should disable these accounts manually in the
Plataforma de Marketing. It is safer to disable these deleted user accounts rather than deleting them, because users have folder ownership privileges in
Campaign , and if you delete a user account that owns a folder, objects in that folder will no longer be available.
The Plataforma de Marketing imports groups and their users from the directory server database through a periodic synchronization task that automatically retrieves information from the directory server. When the
Plataforma de Marketing imports users and groups from the server database, group memberships are maintained.
You can assign IBM® EMM privileges by mapping an Active Directory group to an
IBM® EMM group. This mapping allows any new users added to the mapped Active Directory group to assume the privileges set for the corresponding
IBM® EMM group.
A subgroup in the Plataforma de Marketing does not inherit the Active Directory mappings or user memberships assigned to its parents.
If you do not want to create groups in your Active Directory server that are specific to IBM® EMM products, you have the option to control the users who are imported by specifying attributes. To achieve this, you would do the following during the configuration process.
You should try to avoid this situation. However, if it occurs, the partition of the IBM® EMM group most recently mapped to an Active Directory group is the one that the user belongs to. To determine which Active Directory group was most recently mapped, look at the LDAP group mappings displayed in the Configuration area. They are displayed in chronological order, with the most recent mapping listed last.
When IBM® EMM is configured to integrate with an Active Directory server, users and groups are synchronized automatically at pre-defined intervals. During these automatic synchronizations, only those users and groups (specified by the configuration) that were created or changed since the last synchronization are brought into
IBM® EMM. You can force a synchronization of all users and groups by using the Synchronize function in the Users area of
IBM® EMM.
LDAP users with special characters in their login names may experience problems with authentication. See Referência de Janela de Usuários for a list of allowed special characters. For LDAP accounts that you plan to import into
IBM® EMM, change login names that contain special characters that are not allowed.