Active Directory integration

Communicare user groups can be synchronised to an Active Directory group so that a user's Microsoft Windows and Communicare logins can be managed from one location and users can use single sign-on.

Before you ask Communicare Support to enable Active Directory integration, consider the following:
  • Usernames cannot be longer than 31 characters, including the domain name and a backslash.
  • All staff using Communicare will need to be included in an Active Directory group. Active Directory synchronisation will hide the username and password field in Communicare to allow for single sign-on functionality.
  • Existing users will lose any local Communicare settings and favourites, which will return to default settings, including:
    • Words added to the spellcheck dictionary
    • Report parameters
    • Report favourites list
    • Default Provider, Encounter Place, Mode, Program
    • Tools menu – Show Hints, Button Captions, Show status bar
    • Recently Used clinical items on the Clinical Item search window
    • Appointment Book filters
    • Patient Search filters
    • Last selected options on qualifier and centile charts
    • Last selected filter on the clinical record Detail tab
    • Prescription defaults
    • Non-public dosage instructions
    • Window dimensions (if resized)
    • User medication favourites list
    • Printer Assignments
    • Existing Intramail messages sent only to these users and not saved to progress notes

If single sign-on has been enabled by Communicare Support, additional options will be visible in File > User Groups to help manage the integration with Active Directory.

After Active Directory has been enabled, complete the following steps:
  1. So that you can synchronise your own group to Active Directory, to login to Communicare for the first time after the upgrade, right-click on the Communicare shortcut and add fbauth to the target parameters. This allows you to login in using your Communicare username and password.

    Example Communicare login properties
    Remember: Remove this parameter from the shortcut once you have synchronised the Active Directory group containing your Windows user name.
  2. Double-click the Communicare shortcut and login as a user with administrator rights as usual.
  3. Synchronise your Communicare user group with Active Directory:
    1. Select File > User Groups.
    2. In the User Group Maintenance window, click Add iconAdd or double-click a user group.
      Note: A synchronised user group should not contain any uses who aren't Active Directory users. If you are synchronising a previously existing Communicare user group, any remaining non-Active Directory usernames should be deleted.
    3. Enter the user group name and the corresponding Active Directory group exactly as it appears in Windows and click OK.
      Example user group associated with Active Directory group
    4. Click Synchronise iconSynchronise (above the group's user list) or click Save.
  4. Log out of Communicare, remove the fbauth parameter you added to the shortcut in step 1, and log back in using your Windows credentials.
  5. Reassign any provider records that were associated with a Communicare username to their Active Directory username. In File > Providers, in the Logon User Name field, enter the Active Directory username. For example, HEALTHCONNEX\LGRAY.
  6. Advise users that they can now reassign their printer assignments in File > Printer Assignments and add any previous favourites, dosage instructions, and so on.
Any groups that are modified are automatically synchronised and all users belonging to the specified Active Directory group are created in Communicare and listed on the Users tab. Users created based on Active Directory users will be in the form DOMAIN\\USERNAME. The 31 character limit for usernames in Communicare still applies and includes the domain prefix.
Example Active Directory group and users
Note:

Users in nested groups will not be brought into Communicare.

Although Active Directory users can belong to multiple groups, a Communicare user may only exist in a single group. Thus, if a user belongs to multiple mapped groups, they will only reside in the last group to be synchronised.

In groups that are mapped to Active Directory, the Active Directory users cannot be manually removed, moved to another group, or edited.

To synchronise Communicare user groups to Active Directory in subsequent logins, you need only complete step 3.

Note: After a user group is synchronised to an Active Directory group, the users must be maintained in Active Directory. Functions such as adding, deleting, changing passwords and making users inactive are disabled in Communicare for this group.
Note: If you clear an Active Directory group name from a Communicare user group, the members of that group will be removed.

A background process can be enabled to automatically synchronise all Active Directory user groups with Communicare. The default is once daily 4:00pm - 4:30pm. Ideally, the synchronisation should be just before your scheduled Communicare backup runs.