Navigate
or
Contact Us
Subscribe Download PDF

MobileAsset v7 Enterprise edition: Active Directory login integration for PC clients

Scott Leonard
2020-08-19
in Version 7
What it does: Allows login to the MobileAsset PC client based on the logged-in Windows username, authenticating via Active Directory.
 
Note 1: Active Directory login integration is only available in the Enterprise edition, not Standard or Professional.
 
Note 2: Mobile devices (Windows Mobile/CE, Android, iOS) cannot use Active Directory to log into their apps. A MobileAsset username & password must be used to log in from a mobile device. It is possible (from the PC client) to set a MobileAsset password so that the user account can log into a mobile device, but keep in mind MobileAsset will not automatically update its password (even if the AD account is used to log into the MobileAsset PC client).
 
Note 3: This feature will add an Employee (or Staff for .EDU edition) when that person logs into MobileAsset for the first time, but MobileAsset does not use AD to import that list en masse.

Procedure

  1. In Active Directory, create or designate one or more groups that will have the ability to log into MobileAsset. Make a note of the exact name(s), which you will need in Step 3.

  2. In the MobileAsset client, click Administration on the left, Options on the right.
    a. Click Support\Active Directory, then check the Yes box (one time only).
    b. Optional: By default, when an AD user signs in the first time, an entry in the Employee list is created. If you don't want an employee created (in addition to the user, which is always created), see the appropriate article in Related Pages below.
    c. OK.

  3. Administration, Security, Group Manager: Create one or more groups with the exact same name(s) from Step 1. Make sure the group(s) have the Allow PC Login privilege checked.

  4. Quit MobileAsset.

  5. Now when MobileAsset is launched, it will attempt to authenticate the logged-in Windows user via Active Directory. Note: MA can't read or store AD passwords. Instead, MA calls the Windows authentication routine and receives a success or fail response.
    a. If successful, MobileAsset launches. At a user's first login, their MobileAsset userID is created in the MobileAsset group.
    b. If MobileAsset receives a fail response, it will show a login box, which will only accept MobileAsset credentials (not Windows credentials).

  6. After having successfully logged in with AD, if the user does File menu, Log Out, MobileAsset shows the MA-only login box. Since MA can't see or store Active Directory passwords, it can't log an AD user in at this screen. To log in again with Active Directory, the user will need to quit MobileAsset completely, then relaunch.

Related Pages