1) Enable Active Directory integration in the Bulksign configuration. The config settings are :
This enables Active Directory in Bulksign.
Set the name of your Active Directory domain controller
ActiveDirectoryUserName: user ActiveDirectoryPassword: password
Set the name and password of the user which Bulksign will use to query Active Directory.
The filter used to query AD. Set the name of the required AD groups here
ActiveDirectoryUserGroups: sales, marketing
Set the names of the AD user groups which will be queried and imported by Bulksign. Imported users from this groups will NOT have administrator privileges in Bulksign.
Set the names of the AD user groups which will be queried and imported by Bulksign. Imported users from this groups WILL have administrator privileges in Bulksign.
The number of items returned per page, feel free to increase this for very large number of users.
The timeout (in miliseconds) used to query AD. Feel free to increase this value if needed.
- In IIS enable "Windows Authentication" for the Bulksign website
Note : Make sure ONLY Windows authentication is enabled, all other authentication modes must be disabled
- In web.config enable Windows authentication
<system.web> <authentication mode="Windows" /> </system.web>
Bulksign comes with ActiveDirectorySynchronizer tool which allows for troubleshooting the AD integration. Run the tool from :
Running the tool will list the problems with the configuration. If there are no configuration problems, it will list all the found users.
To force a user import into Bulksign run the tool with an extra parameter :
What user data is required and why some users aren't imported ?
The following user attributes are read from Active Directory :
Users which do not have valid values for all those attributes cannot be imported by Bulksign.
How do i delete a user from Bulksign when Active Directory integration is enabled ?
Just remove the user from the Bulksign ActiveDirectory group. His/her data will be kept in Bulksign but login will not be possible anymore.
How often is the automatic user synchronization performed ?
Automatic user synchronization with Active Directory is done once every 24h.
I have just made some changes in Active Directory, can i force a user synchronization from the Bulksign UI ?
Yes, login in BulkSign as a administrator, navigate to Settings, Users and click the "Synchronize" button.
What if i want to run a automatic synchronization more often ?
You can schedule to run the ActiveDirectorySynchronizer tool, like described above.
If i am already using Bulksign with user/password authentication, what will happen with existing users if i enable AD single sign-on ?
Those users will be disabled and login wont be possible anymore for them.
Is the Bulksign api access still accessible after AD single sign-on ?
Yes, it is, just be aware that your integration code will need to authenticate first with a NTLM / Kerberos token before accessing the API.