Usage of Windows Active Directory for User authentication and service provision

1. Active Directory Domain Services
Authenticated Network Access
By Aliya Saldanha – Business Analyst

2.  The contact centre environment mandates a
network that needs to be highly secure and
scalable. Its users need access to various
services, functionality and capacities on the
domain or local system. Also, these users
may need to be restricted or barred from
accessing restricted services and network
resources. For this, our client processes work
in a specially demarcated network region
known as a domain. Domains can be shared
i.e. on the general organization domain or
Isolated i.e. within its own domain cut off
from the remaining organization units.

3.  The applications and functions available to a
user are defined in the Windows Active
Directory which is a database that can be
searched to provide network user
information. It stores a wide range of domain
information in a common and retrievable
format. User accounts, computer accounts,
group accounts, access control lists, security
identifiers, Group Policy Objects (GPOs),
shares, printers, properties about users and
their locations, are all stored in the Active
Directory.

4.  The Active Directory allows the creation of
hierarchies within a domain that facilitates user
management and their segregation within the
organization. Each domain hierarchy is composed
of a number of ‘Organizational Units or
processes’.
 Eg – a client of a ticketing process may have a
number of users. The TL’s and CSA’s may require
access to certain network resources. For this,
these users may be given the necessary access
rights within that domain using AD services.
Simultaneously the Quality and MIS team for this
process may not require the same and this
disabling or restriction is also done using AD
services.

6.  Within the organizational unit, there are varied
users with access usage restrictions and control.
So, the organizational unit acts as a container to
group users and objects such as printers,
computers, applications, hardware for
segregation and application of policies.
 The organizational unit hierarchy within a
domain is independent of the structure of other
domains; this means that each domain can
create and implement its own hierarchy. The
structure is totally flexible, and allows creation
of organization environment that mirrors the
administrative model.

7.  The User Profile facilitates the
authentication of user accounts and
determines that a user who logs on to the
domain is who the user claims to be and that
the user does indeed have an account either
in the domain or in a domain that is trusted.
 After the user is authenticated, however,
the CRM database must provide security role
(authorization) to determine what objects
the authenticated user can view or change
and what kinds of changes are allowed.

8.  CRM is based on Windows authentication
therefore users logging into the CRM should
have an account in the active directory.
When a user attempts to login to the CRM,
she/he is prompted to enter their
WindowsLoginID, Password etc.
 This entered information along with the
domain name is the passed on to AD service
which authenticates the user. If the details
specified by the user are correct the AD
service sends a reply specifying that the
authentication was successful.

9.  Upon successful authentication from the AD
service, the application will attempt to
connect to the CRM Database which stores
the roles and their related accessibility.
 If the windows ID has been provided access
to the database a connection will be
established. The application will then fetch
the role assigned for that particular ID from
the CRM Database.