0 votes

We use Adaxes to manage several customers AD domains but would now like to let customer admins logon to the Help Desk web portal in Adaxes to handle their own users and groups. How should I proceed setting that up? I
have different user patterns, Business rules and custom commands for the different domains. I've setup Security roles and assignments but when I logon to the web portal I only see one domain and also see all the custom commands for that domain in the portal? I'm sure I'm missing something, but what?

by (260 points)
0

Hello Niclas,

Could you explain in a bit more detail what you were trying to achieve and what went wrong? It is very hard to troubleshoot the issue based on the information you provided.

0

Hello,
Sorry I will try to explain.

We have multiple domains for different customers in Adaxes. We have web interface setuped with a interface type named "Helpdesk". I've setuped security roles for the different domains and assigned permissions to the different domains.
When I then open the webinterface and logon with a user in domain A I see the commands and OU structure for domain A. Then I login with a user in Domain B and still see that same commands and OU structure (domain A).
How do I make sure that users in Domain B's security roles see the correct AD OU structure and also can I assign different set of custom commands per domain/security roles?

0

Noone that has some input on this?

1 Answer

0 votes
by (216k points)

Hello Niclas,

Sorry for a delayed reply.

Could you provide more detail as to how you configured the Security Roles? Did you disable the built-in Domain User role that allows all users viewing all objects? For more details on how to show users only parts of your AD they need to view, see the Hide Active Directory Objects from Users Tutorial. You can use it as a guide.

As for Custom Commands, you can distribute permissions to execute Custom Commands the same as permissions for any other operations, with the help of Security Roles. For information on how to do this, see the following tutorial: http://www.adaxes.com/tutorials_Delegat ... mmands.htm. The tutorial shows how to add permissions to execute Custom Commands to an existing role, but you can create your own Security Roles for this purpose. With the help of Assignments of such roles, you can define who can perform the Custom Commands and where. For details on how to use assignments of a Security Role for this purpose, see the following tutorial (starting from step 5): http://www.adaxes.com/tutorials_Delegat ... erties.htm.

0

Thanks! I saw that I hadn't changed the Builtin - Domain User assignment, so that only one domain was assigned. I've assinged domain users from the other domains to their domains now and it works.
Now I'll try to fix the custom commands using the info I got.

0

It's actually one thing I'm not getting right. In the web portal I've added Custom commands to the "Home page actions". But I can't seem to filter these actions out depending on which user logs on? If I have a custom command for Company A and another for Company B I would like to have these filtered in the portal. Can that be done or are we forced to have several "Interface Types" (i.e different sites) ?

0

Hello Niclas,

No, currently it is not possible to filter Home Page Actions based on which user is logged on. We have such a request in our Product Backlog. It will be available in one of the future releases.

For now, you can create different Web Interfaces for customers. Alternatively, you can create all-round Home Page Actions that behave differently depending on which user is logged in. For this purpose, you can use value references. When a Home Page Action is executed, the value references will be replaced with property values of the logged in user.

For example, when specifying a container where users can execute a Home Page Action, you can do it like this:

However, you can use value reference %adm-InitiatorDomainDN% instead of a specific domain DN. When the action is executed, the value reference will be replaced with the Distinguished Name of the domain of the logged in user.

In the above scenario, if a user from domain example.com logs in, they will be able to select objects from OU OU=Offices,DC=example,DC=com. However, when a user from domain contoso.com logs in, the OU will be OU=Offices,DC=contoso,DC=com

Related questions

0 votes
1 answer

I have tried it using the Custom Commands Action "Add the user to a group", which only allows me to add the user to one group at a time, and can't use the multiple DNs that the ... I can't get it to work. Could you assist me in finding the best way to do this?

asked Jan 16 by dominik.stawny (280 points)
0 votes
1 answer

Hello, How it works if I have multiple accounts in one domain, and other accounts in others domains managed by Adaxes ? Thank you. Regards. Pierre

asked Jun 9, 2021 by pierre.saucourt (40 points)
0 votes
1 answer

If I would like to manage multiple clients, each with their own domain, do I need to have VPN to each client to access their DC?

asked Sep 25, 2020 by Reid (40 points)
0 votes
1 answer

We are using Adaxes to manage multiple domains. upwards of 10 domains. There is no trust between the domains. The are all separate stand alone. We want to setup a scheduled ... domain has an Adaxes service account setup and that is what i would want to use.

asked Sep 14, 2020 by gt_111 (20 points)
0 votes
1 answer

Hi, We are considering your product and interested to see if it fits in our use case. Imagine a scenario where you have a niche SaaS product that runs in a self ... Can your product handle non-unique domain names and SID's and in what fashion? Thanks

asked Aug 4, 2020 by lharrisclcs (20 points)
3,589 questions
3,278 answers
8,303 comments
548,137 users