Frequently Asked Questions about LDAP

In addition to the LDAP parameters on the Preferences > Accounts page, are there other steps required to implement LDAP in Alio Vendor Portal?

There are no additional steps required in Alio Vendor Portal; however, the Alio Vendor Portal/Active Directory server must have the appropriate ports open so that it can communicate with Alio Vendor Portal.

What happens when LDAP is turned on and an employee creates an account or logs into Alio Vendor Portal for the first time? Does the employee use their Active Directory UserID  and password to create the account? When will Alio Vendor Portal recognize and validate employee's portal account?

When LDAP is turned on, the employee must create an Alio Vendor Portal account using their Alio Vendor Portal/Active Directory username and password. If the employee uses any other username and/or password, the Create Account process will fail. Alio Vendor Portal will validate their Alio Vendor Portal/Active Directory username and password against Active Directory when the employee submits a request to create the Alio Vendor Portal account.

Is the Administrator account validated with Active Directory?

No. The Administrator user account will continue to work as it has always worked.

Must the user account from Active Directory be associated with an employee in the Alio Employee Master to complete the account start up? When the employee signs in with an Active Directory account, will the program prompt the employee to associate their Active Directory account to an Alio employee ID in order to start their portal user account?

No, the employee must create an Alio Vendor Portal account. The employee number is defaulted and disabled when the employee clicks the e-mail link sent to them by the administrator who initiated the create admin process.  This is how the employee is linked to the appropriate employee master record in Alio. The employee must also enter the following fields on the Create Account page: DOB, SSN, Employee Last and First Name, and Zip Code. The account is not created if any of this information does not match the employee's master record in Alio.  

What happens if the employee changes their password or exceeds the number of incorrect sign in attempts and is locked out of Alio Vendor Portal? Is the employee also locked out of Active Directory? If the employee's password is changed in Active Directory is it automatically changed in the portal?

Alio Vendor Portal never touches Active Directory to make changes; therefore an account in Active Directory is never locked. An employee is only locked out of Alio Vendor Portal when that employee exceeds the number of Login Attempts defined by your organization in Preferences > Accounts. If the Login Attempts parameter is disabled (equal to 0),  the employee is never locked out of Alio Vendor Portal.

You can also define how long the account will be locked, e.g., 1 hour, 2 hours, 24 hours, etc.

If the password is changed in Active Directory, the Alio Vendor Portal password that is saved in the Alio Vendor Portal database is NOT updated. However, when LDAP is enabled, the login authentication never looks at the password that is saved in the database; it validates the login information against Active Directory.

When LDAP is enabled, an employee cannot change their username or password in Alio Vendor Portal; however, an administrator with rights to modify user accounts CAN modify an Alio Vendor Portal employee account user name if the username is changed in Active Directory. The Active Directory username and Alio Vendor Portal username must match in order for the employee to log into Alio Vendor Portal.

Note: Alio Vendor Portal communicates with Active Directory only to validate an account; however Active Directory does NOT communicate with Alio Vendor Portal when an employee's Active Directory account username/password are changed.

Employees cannot reset their password when LDAP is enabled in Alio Vendor Portal. If LDAP in Alio Vendor Portal is disabled, the employees will use the password that is saved in the Alio Vendor Portal database (e.g., the initial password the employee used to create their Alio Vendor Portal account) to log into Alio Vendor Portal. The employee may not remember this password if it has changed multiple times between the time the employee's Alio Vendor Portal account was created and LDAP within Alio Vendor Portal was disabled. In this case, the user is required to answer their security questions prior to resetting their password.  If LDAP in Alio Vendor Portal is enabled again, the employee's login credentials are validated against Active Directory.

What if the employee is an administrator and already has an account that is associated with their Alio ID prior to turning on Active Directory? What is the best practice to recreate their portal account from Active Directory?

Weidenhammer recommends implementing LDAP prior to creating any accounts in Alio Vendor Portal. However, if Active Directory is turned on after an administrator account is created in Alio Vendor Portal, you can try these options:

1. Login with the administrator account and modify each user's Alio Vendor Portal username to match that Active Directory username (you do not need to change the password that is stored in Alio Vendor Portal).

2. Log in with the administrator account and delete the user accounts. Require the users to re-create their Alio Vendor Portal account.

3. Submit a request to your Alio Vendor Portal support representative to remove all of the Alio Vendor Portal user accounts from the database. Require the users to re-create their accounts.

Is there any published information on how using LDAP works in Alio Vendor Portal?

Weidenhammer recommends contacting your Alio Vendor Portal support representative to request additional information.