Configure authentication by completing the following tasks.
Configuring Active Directory
To enable NT authentication use by Tealeaf, you must complete the following configuration steps in Active Directory.
- In Active Directory, create two global security groups, one each for users and administrators. For example, TLuser and TLadmin.
- Assign Tealeaf users to these groups.
- Tealeaf administrators must be permitted to create events. Access is provided by enabling access to the Event Manager through the Portal menu. Note: Search Server can be configured to use a Tealeaf event-based method for data segmentation. See Configuring the Search Server.
- Verify that the Portal Server has permission to query Active Directory for group information. For more information, refer to your Active Directory documentation.
- A service account must be created or used to run the Search Server service. You must create a new account within Active Directory if the local computer account does not have these rights or if multiple domains are involved.
- Test accounts from both user groups by logging in to the Portal and running a search.
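The group setup above can also be scripted. The following PowerShell is an added example, not part of the Tealeaf documentation; the OU path and the member account names are placeholders, and TLuser and TLadmin are the example group names from the first step.

```powershell
# Added example. Requires the ActiveDirectory module (RSAT) and rights to
# create groups in the target OU.
Import-Module ActiveDirectory

# Placeholders: replace the OU and the account names with your own.
$GroupOU = 'OU=Tealeaf,DC=example,DC=com'
$Wanted  = @{
    TLuser  = @('jdoe', 'asmith')
    TLadmin = @('tladmin1')
}

foreach ($name in $Wanted.Keys) {
    # Create the group only if it does not exist yet.
    $group = Get-ADGroup -Filter "SamAccountName -eq '$name'"
    if (-not $group) {
        $group = New-ADGroup -Name $name -SamAccountName $name `
            -GroupScope Global -GroupCategory Security `
            -Path $GroupOU -PassThru
    }

    # The procedure calls for global security groups; stop on anything else.
    if ($group.GroupScope -ne 'Global' -or $group.GroupCategory -ne 'Security') {
        throw "$name is $($group.GroupScope)/$($group.GroupCategory), expected Global/Security"
    }

    # Add only accounts that are not already direct members.
    $current = @(Get-ADGroupMember -Identity $group | ForEach-Object SamAccountName)
    $missing = @($Wanted[$name] | Where-Object { $_ -notin $current })
    if ($missing) { Add-ADGroupMember -Identity $group -Members $missing }

    # Report effective membership, including accounts that arrive through nested groups.
    Get-ADGroupMember -Identity $group -Recursive |
        Select-Object @{n='Group';e={$name}}, SamAccountName, objectClass
}
```

The recursive listing shows every account that effectively holds user or administrator rights, which is worth reviewing for the administrators group before it is added to the Search Server configuration.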
Configuring NT authentication for Search server
To configure NT authentication for the search server, edit the Search Server configuration using TMS in the Portal.
Verify that the Admin and User groups you want to use for the Search Server exist on the NT domain controller that you are using for authentication.
- In the Portal, navigate to TMS.
- In the WorldView tab, drill down to the Search Server component for the desired server.
- Select Search Server configuration and click View.
- Click Edit on the Config Info dialog to edit the configuration.
- In the Authentication area of the Search Config window, click Modify.
- In the Authentication dialog, do the following:
- For Authentication Type, select NT Authentication.
- Select the NT domain to use from the Domains drop-down menu.
To enter another domain, select Enter Domain. In the dialog box, enter the domain identifier.
Note: To specify a child domain, you may need to try both of the following forms: child.domain.com and child
- Click Add to User Groups.
Users who are members of the groups in the User Groups list can use Search Server features such as searching, getting session information, and retrieving sessions. Users who belong to only this group may not configure Canister events.
- The resulting Add Group dialog lists the groups defined on the domain controller for the chosen domain.
- Choose a group from the list and click List Group. A list of members of that group is displayed.
- Click OK to add the group to the list of Search Server user groups. Repeat this step if needed.
- Click Add to Admin Groups.
Only users who belong to this group may configure Canister events and upload shared Viewer profiles.
- The resulting Add Group dialog lists the groups defined on the domain controller for the chosen domain.
- Choose a group from the list and click List Group. A list of members of the group is displayed.
- Click OK to add the group to the list of Search Server user groups. Repeat this step if needed.
- Click OK to close the Authentication dialog.
- Enter a description for the change to the configuration in the Version Description field and click Save.
- When prompted whether to add tasks to push the new version, click Yes. Also select Yes if you want to add restart tasks.
- Enter a description in the Current Job pane, then click Submit to push the changed configuration and restart the Search Server.
- Test the authentication by opening the CX RealiTea Viewer and running a search.
If you are not a member of one of the Search Server user groups, you are denied access to searching.
Note: If Search Server NT authentication is enabled and the Search Server service is running as a user that is not registered on the NT domain specified in SearchConfig (a member of one of the machine's local user groups), the service fails to start (it may return error code 110). Running the Search Server service under the Local System account is acceptable.
Enabling Portal NT Authentication
To use NT authentication in the Portal, the machine on which the Portal is running must be a member of an NT domain. It should be in the same domain as the NT domain controller, or a trust relationship must be established between the domain controller domain and the Portal server domain.
To enable this feature, you must turn on NT authentication for the Report database and modify IIS settings for the Portal virtual directory.
Note: By default, the Portal creates an "internal" account for every valid NT user in the valid groups.
- Log in to Portal as an administrator.
- Navigate to TMS.
- Open the Tealeaf node displayed under Portal server.
- Click Shared configuration information.
- In the Config Actions panel, click View/Edit.
- You will see Tealeaf Report configuration.
- Click the Authentication Method field displayed under the Portal tab.
- You will see an Edit config item screen. Select NT from the drop-down and click Apply.
- Click the Save button on the Tealeaf Report Configuration screen.
- When prompted to update server/s, click Add Tasks & Submit.
- If you have a Report server running on a separate machine, repeat the above steps for its configuration as well.
IIS changes to enable Portal NT Authentication
- Open the Internet Information Services Manager from the Windows™ Start menu: Start > Administrative Tools > IIS Manager.
- Expand the machine node and go to the Portal virtual directory under the website where it was installed (usually the Default Web Site).
- In the pane on the right, double click Authentication to open its settings.
- Disable Anonymous access and enable Windows authentication.
- Close the dialog.
- Perform an IIS reset and restart all Tealeaf services.
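The same IIS change can be applied and verified from PowerShell. This is an added example, not part of the Tealeaf documentation; it assumes the Portal virtual directory is named Portal under the Default Web Site and that the Windows Authentication feature of IIS is installed.

```powershell
# Added example. Run in an elevated session on the Portal server.
Import-Module WebAdministration

# Assumption: the Portal virtual directory is named "Portal" under the Default Web Site.
$Location = 'Default Web Site/Portal'
$AppHost  = 'MACHINE/WEBROOT/APPHOST'
$Section  = 'system.webServer/security/authentication'

# Enable or disable one authentication scheme for the Portal location.
function Set-AuthScheme([string]$Scheme, [bool]$Enabled) {
    Set-WebConfigurationProperty -PSPath $AppHost -Location $Location `
        -Filter "$Section/$Scheme" -Name enabled -Value $Enabled
}

# Read back whether a scheme is enabled for the Portal location.
function Test-AuthScheme([string]$Scheme) {
    (Get-WebConfigurationProperty -PSPath $AppHost -Location $Location `
        -Filter "$Section/$Scheme" -Name enabled).Value
}

Set-AuthScheme anonymousAuthentication $false
Set-AuthScheme windowsAuthentication   $true

# Stop if anonymous access is still on or Windows authentication is still off.
if ((Test-AuthScheme anonymousAuthentication) -or -not (Test-AuthScheme windowsAuthentication)) {
    throw "Authentication settings for '$Location' were not applied as expected"
}

iisreset
# Restart the Tealeaf services afterwards, as the procedure above requires.
```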
Creating Portal users
Depending on your configuration settings, the Portal can automatically create Portal user accounts for NT users when they first visit the Portal home page. Alternatively, you can create these accounts by mapping them manually.
Automated Portal user creation
You can configure the Portal to automatically create Portal user accounts for NT users who arrive at the Portal login page. You can assign the Portal account to one product (cxImpact, cxView, or cxReveal) and any groups within that product.
Any other product assignments must be completed after the user is created.
Note: To auto-create users across multiple products, you could notify cxImpact users to log in on Monday and cxView users to log in on Wednesday, making the necessary configuration changes between days.
After you have enabled NT authentication through Search Server, you must configure settings in each of the product settings groups.
- From the Portal menu, navigate to Portal Management.
- General User Creation Settings:
- Click CX Settings > Users.
- Configure the following settings to the listed values.
Setting: Value
- Automatic NT User Login: Enabled
- Automatic User Creation: Enabled
- Automatic User Creation Settings Prompt: optional
- Automatic User Creation Type: Set this value to the Tealeaf product to which you would initially like to assign users. Portal users are cxImpact users. Note: For the product to which you are assigning new users, you must enable Automatic User Creation.
- Password Security: The following settings pertain to password length, security, and duration. If you have not done so already, consult with your IT staff to determine requirements. To read more about password requirements, please see require strong passwords in Configure CXview settings.
Minimum Password Length
Previous Password History (Count)
Previous Password History (Days)
Require Strong Passwords
- New users must create a password that meets these guidelines
- Click Save.
- cxImpact User Settings: If you chose Portal for Automatic User Creation Type, complete the following configuration for new users automatically created by the Portal.
- In the same settings, configure the following fields to meet your requirements.
New User Default Group
New User Default Page
New User Default Time Zone
New User Group Default Language
- Click Save.
- cxReveal User Settings: If you chose cxReveal for Automatic User Creation Type, complete the following configuration for new users automatically created by the Portal.
- In the Portal Management page, select cxReveal > Users.
- Configure the following settings to meet your requirements.
Automatic User Creation must be enabled.
New User Default Page
New User Default Time Zone
User Default Group
- You should also review the Password-related settings.
- Click Save.
- cxView User Settings: If you chose Portal for Automatic User Creation Type, complete the following configuration for new users automatically created by the Portal.
- In the Portal Management page, select cxView > Users.
- Configure the following settings to meet your requirements.
Automatic User Creation must be enabled.
Automatic User Creation Settings Prompt
New User Default Page
New User Default Time Zone
User Default Group
- You should also review the Password-related settings.
- Click Save.
Manually mapping Portal users to NT users
To map a Portal user to an NT user:
- Log in to the Portal Web application as a Portal administrative user.
- Navigate to Portal Management.
- Click the user administration link for the type of user you want to create. Note: For cxImpact, select CX User Administration.
- Click Users.
- Click New in the toolbar.
- Enter the Portal username if creating a new user. Enter the NT domain and NT username (exactly as typed by the user when logging into the NT domain) to which this Portal user maps.
- Specify other user properties. Note: Only one Portal user account should be associated with each NT domain/user combination.
- Click Save.
- When the user whose account you just modified requests the Portal login page, their NT username is posted to the login page, and the user can access the Portal by clicking Login.
HTTPS/SSL and NT Authentication
If you use NT Authentication and also turn on HTTPS/SSL on the Portal (in IIS settings), you might not see the expected NT-authenticated login page for the Portal until the Portal machine is added to Internet Explorer's Trusted Intranet Zone.
Note: If you encounter the Portal error The ASP Utility Object (TLAspUtil) could not be loaded, and you have been recently added to the Users Active Directory group, then perform this procedure.
- Go to Start > Run.
- Type cmd in the Open field.
- Enter the following command:
gpupdate /force
- Reboot the user's machine. Important: It is important to reboot and not simply log off.