Integrating Active Directory with K2

K2 has supported integration with Active Directory authentication for many years. Since AD and K2 deal with computers and users, it is natural to leverage existing configuration, avoid duplicated efforts, and ensure consistency across multiple enterprise environments. Here are some of the ways that AD Configuration can be used to control Software Asset Management processes.

Password verification

K2 can use Active Directory to do authentication – verifying passwords and ensuring that user names are accurate. This makes user based license management more reliable, since an enterprise is typically already managing Active Directory for numerous security and access purposes.

Restricted Policies

License policies in K2 can be restricted to groups of users or computers. Groups can be defined entirely internally, but K2 can also query Active Directory to determine group membership. K2 can query AD computer groups, user groups, and computer OUs.

Admin Authentication

Active Directory groups can also be used to control who can login to KeyConfigure and what privileges they have within K2. Although K2 administrative privileges can also be managed internally within K2, the option of using Active Directory simplifies configuration when AD groups already exist.

Mapping AD OUs to K2 Divisions

OUs in Active Directory represent a primary segmentation or categorization of computers. K2 has a similar concept called Divisions, which can be used to group computers together for reporting or for managing administrative scope. Active Directory integration can be configured so that Computers in K2 are automatically assigned to Divisions that correspond to OUs in Active Directory. So once again when configuration has already been done in AD, there’s no need to replicate it in K2.

Missing Clients report

It can be very difficult in any one system to account for each and every computer present at your organization. K2 has extensive data for all of its clients – computers with KeyAccess installed that have connected to the KeyServer. Most sites use a mass deployment process to install the client, KeyAccess, throughout the enterprise so KeyServer has a comprehensive list of computer assets – but no matter how this is done, some computers might slip through the cracks. Active Directory also maintains its list of computer assets, which also attempts to be comprehensive and accurate. K2 includes a report that compares these two list so that incomplete or obsolete data canned be culled from each. This helps to improve your deployment process and ensure uniform Software Asset Management.

For technical details…

If you are a K2 administrator, take advantage of AD integration if you are not already. Read about how to configure functionality in the following documentation:

Active Directory Integration — Client Authentication
Active Directory Integration — Admin Authentication

No comments yet.

Leave a Reply