HighQ has integration with Active Directory (AD), LDAP and similar services. AD integration requires the installation of the HighQ Appliance and then configuration of the Active Directory connector. Below is a FAQ detailing the implications of integrating active directory with Collaborate.
Individual user accounts
Q: How can my firm create users in Collaborate after the Active Directory connector is enabled?
A: After the HighQ Appliance and Active Directory connector are installed and enabled, an Administrator at your firm will configure a search query in the AD connector to determine which AD users and AD groups will be added to Collaborate. (For example, only employees in your London office may be added that way.) Any AD users who match the search query will have Collaborate accounts created for them automatically.
There may be AD users who do not match the search query initially, but do so in the future. This might happen if new users join the firm, the search query is modified later on, or for other reasons. In that case, those users will automatically have Collaborate accounts created in the future.
Internal users can still be created manually from within Collaborate, just as before. Until the AD search query is modified to bring those users into Collaborate, those users will not be connected to AD.
Q: Will every user in our AD system get a Collaborate account automatically?
A: No, only those users who fit within the AD search query that is used by the AD connector will have Collaborate accounts created automatically (or synced to existing Collaborate users), as described above.
Q: After we enable the Active Directory connector, how will this impact any existing Collaborate users from my firm?
A: There will be no visible impact on those users. If at any time an AD user is synced to Collaborate based on the AD search query and there is an existing Collaborate internal user with a matching email address, the two accounts will be linked. Any internal Collaborate users who do not match the AD search query (such as test accounts) will not be linked to AD in any way.
Q: After a user is added to Collaborate via AD, will those users need to be added to sites or need to set their passwords?
A: Yes. Users added to Collaborate via AD will still need to be manually added to sites, or they will need to be added manually to System Groups which are associated with sites. (AD users do not need to be manually added to AD groups that have been brought into Collaborate, and some of those AD groups may be associated with sites.)
Users created from AD will also need to manually set their passwords in order to access Collaborate, which they can do from the email invitation they will receive when they are added to a site. (If Single Sign On is enabled, then those users will not be required to set their passwords to access Collaborate, but they will only be able to access Collaborate from inside your firm's network.)
Q: What happens if a user's AD account is disabled? Will that user be removed from Collaborate?
A: For an internal user whose Collaborate account is linked to a disabled AD account, that user's Collaborate account will not be archived when their AD account is disabled, but instead that user's Collaborate account will be marked as inactive. The user will not be automatically removed any sites in Collaborate, but the user will not be able to login to Collaborate as long as their AD account is disabled. Once the AD account is made active again, the user will resume full access to Collaborate and the sites they had been added to.
Q: What happens if a user's AD account is deleted? Will that user be removed from Collaborate?
A: For an internal user whose Collaborate account is linked to a deleted AD account, that user's Collaborate account will be archived when their AD account is deleted, which will remove them from all sites in Collaborate and restrict their ability to login again. Any internal Collaborate user who is not linked to an AD account will be unaffected by what happens to their account in AD.
Q: Can I archive a user's Collaborate account if their AD account is still enabled?
A: No, the user's Collaborate account cannot be archived if it is being synced with AD. That can only happen from within AD.
Q: If a user's account has been deleted in AD and then archived in Collaborate, can that user's Collaborate account be manually reactivated, such as by adding them to a site?
A: Yes. That user would no longer be synced to AD and could be reactivated like any other Collaborate user.
Q: What happens if a synced user's AD account no longer satisfies the AD search query used to associate AD users with Collaborate users?
A: In that case, the connection between the user's AD account and Collaborate account will be severed, but the user's account in Collaborate will otherwise be unaffected.
Q: Will a Collaborate user's name and other information be set from their name in Active Directory?
A: Yes. Information like a user's name, title, department, etc. can be set from AD, if the AD connector is configured to export that data to Collaborate. That information will be set when an AD user is newly created in Collaborate or an existing Collaborate user's account is synced from AD. A synced user can manually update this information from within Collaborate, but if there is an update to that user's account in AD, then any changes that were made in Collaborate will be overwritten on the next sync.
AD Groups
Q: How are AD groups added to Collaborate?
A: In the same way as individual user accounts. The Administrator will create a search query that determines which AD groups should be accessible from within Collaborate.
Q: If an AD group is added to Collaborate, will all of the members of that group also have accounts created automatically in Collaborate?
A: No. The creation of the AD group in Collaborate only creates the group, it does not create users. Any AD users who have been synced to Collaborate and who are in such an AD group will become members of that group in Collaborate. Any unsynced AD users will not be added to the AD group in Collaborate.
Q: What happens if an AD group that has been synced to Collaborate is deleted in AD?
A: The AD group will be converted to a regular System Group and an email is sent to all System Administrators about this change.
Q: What happens if an AD group that has been synced to Collaborate no longer matches the AD group search query?
A: The group will be converted to a regular System Group, but will no longer be linked to AD. In that way, the former AD group will not be removed from any sites it has been given access to.
