Overview
Parameters:LOGINUSEACTIVEDIRECTORY
Category: Login
Default value: 1
Product: eTASK.Login
What does this parameter do?
This parameter enables or disables login via Microsoft Active Directory in the eTASK portal. When the parameter is enabled, users can authenticate using their Active Directory credentials (domain username and password). Authentication is performed via LDAP against the Active Directory domain configured in the system. If the parameter is disabled, only local portal authentication is available.
What is this parameter used for?
Integration of corporate identity management into the eTASK portal
Centralized user management via Active Directory instead of local portal accounts
Uniform login credentials for users (no separate portal passwords required)
Use of existing Active Directory security policies (password length, complexity, expiration)
Simplified user management through centralized deactivation when an employee leaves
Preparation for Single Sign-On (SSO) in combination with other parameters
Compliance with corporate policies for central authentication
Technical Details (for Administrators)
Format: Integer as a string
Default value: 1
Valid values:
1= Active Directory login enabled - users can log in with domain credentials0= Active Directory login disabled - only local portal authentication available
Important notes:
The parameter only takes effect if a valid Active Directory domain is configured at the same time
Authentication is performed via the LDAP protocol against the configured domain
When AD login is enabled, a corresponding link is displayed on the login page
The username in the portal must match the Active Directory username
Multiple domains can be configured—authentication occurs in the specified order
In debug mode, the default value is automatically set to 1
Interaction with other parameters:
ACTIVEDIRECTORYDOMAIN: Defines the FQDN of the Active Directory domain(s)—both parameters must be configured
AUTOLOGIN: Enables automatic Windows login without entering credentials
When should you change this value?
Leave the value set to 1 (default) if:
Active Directory is available in the organization
Centralized user management is desired
Users are expected to log in with their Windows credentials
Uniform security policies need to be enforced
Standard scenario for enterprise environments
Set value to 0 (Disable) if:
No Active Directory infrastructure is available
Only local portal accounts are to be used
External users without AD access need to log in
Test or development environments are operated without an AD connection
Temporary deactivation is required during AD maintenance
Cloud-based deployment without local Active Directory
Important Notes
Dependency on ACTIVEDIRECTORYDOMAIN
This parameter alone is not sufficient. The Active Directory domain must be configured in the ACTIVEDIRECTORYDOMAIN parameter; otherwise, activation will have no effect.Username synchronization
The username in the eTASK portal must exactly match the Active Directory username (without the domain part). Discrepancies will result in failed logins.Network connection required
The portal requires network access to the Active Directory domain controllers. Firewall rules must allow LDAP traffic (ports 389/636).Fallback to local authentication
Even when AD login is enabled, users with local portal accounts (without AD mapping) can still log in. The systems operate in parallel.No automatic user creation
Activation does not automatically create portal users from Active Directory. Users must be created in the portal—only authentication is performed via AD.Performance considerations
Each login requires an LDAP request to the domain controller. With slow network connections, this can increase login time.
Security
Does changing this parameter affect security?
Yes, this parameter has a significant impact on system security.
Positive aspects:
Centralized password management via Active Directory policies
Automatic deactivation when an employee leaves via AD deactivation
Use of established corporate security infrastructure
Consistent authentication method across all systems
Password policies (complexity, expiration, history) are enforced centrally
Note:
LDAP traffic should be encrypted (LDAPS, Port 636) rather than unencrypted LDAP
Compromised AD credentials allow access to the portal
In the event of an AD outage, login is not possible except via local accounts
Incorrect configuration can cause AD lockouts due to repeated failed login attempts
Network segmentation between the portal and the domain controller is important
Best Practices:
Use LDAPS (Port 636) for encrypted authentication
Set up dedicated service accounts for LDAP queries (if necessary)
Monitor failed AD login attempts
Thoroughly test AD authentication before going live
Have at least one user with a local account available as an emergency administrator
notedb487539-cda4-45c3-8412-82cf8a490f97
Recommendation: Enable this parameter in enterprise environments with Active Directory. Ensure that the network connection is reliable and use encrypted LDAP connections. Maintain a local account emergency administrator in case of AD failures.
Recommendation: Enable this parameter in enterprise environments with Active Directory. Ensure that the network connection is reliable and use encrypted LDAP connections. Maintain a fallback administrator with a local account in case of AD outages.
Practical Example
Initial situation: A medium-sized company with 300 employees is implementing eTASK. Currently, all employees use Windows clients and log in to their Active Directory accounts daily. The IT department wants to avoid having to maintain separate portal passwords for eTASK.
Requirements: - Centralized user management via existing Active Directory - No additional passwords for users - Automatic deactivation when an employee leaves - Use of existing password policies (minimum 12 characters, expires after 90 days)
Configuration: - LOGINUSEACTIVEDIRECTORY = 1 (enabled) - ACTIVEDIRECTORYDOMAIN = "company.local" - All portal users have the same usernames as in Active Directory
After activation:
Users log in with their Windows username and password
No need to maintain separate portal passwords
Password changes in AD take effect immediately for eTASK as well
Employees who leave the company are deactivated in AD and can no longer log in to the portal automatically
The IT department saves time on user management
Result: Integration with Active Directory significantly simplifies user management. Users benefit from consistent login credentials, while the IT department can centrally control all access via Active Directory. The company’s password security policies automatically apply to eTASK access as well.
Alternative scenarios:
Scenario A - Mixed environment:
LOGINUSEACTIVEDIRECTORY = 1
Internal employees: AD authentication
External partners/service providers: Local portal accounts without AD mapping
Both authentication methods available in parallel
Scenario B - Cloud deployment without AD:
LOGINUSEACTIVEDIRECTORY = 0
SaaS operation without local Active Directory
All users with local portal accounts
Alternative: Migration to Azure AD using the AZURELOGINACTIVE parameter
Recommended setting
For standard installations:1(Enabled)
Reason:
Uses existing Active Directory infrastructure
Significantly simplifies user management
Increases security through centralized password management
Complies with best practices in enterprise environments
Reduces administrative overhead
Recommendations by environment:
On-premises with AD:
1(Standard - uses existing infrastructure)Cloud without AD:
0(No AD infrastructure available)Hybrid environments:
1(with Azure AD Connect or similar synchronization)Test/development environments:
0or1(depending on the availability of Test AD)
note1a80f6d2-4e0c-4275-a1ca-421cb1165f08
Important: If you enable this parameter, ensure that ACTIVEDIRECTORYDOMAIN is configured correctly and that the portal has network access to the domain controllers. Test the login with a test user first before putting it into production.
Important: If you enable this parameter, ensure that ACTIVEDIRECTORYDOMAIN is configured correctly and that the portal has network access to the domain controllers. Test the login with a test user first before putting it into production.