How can users outside our domain log in to our kbox helpdesk to submit tickets?
Our schools are on their own domain, but we want them to be able to use our helpdesk. I thought they would just create the ticket using email, but my boss wants them to be able to log into the helpdesk and submit a ticket. We set up a VPN on their machines, so they can reach our kbox, but how can they log in? I thought I could manually add users, buy I guess I cannot do that. Will we have to set them up as users on our Active Directory?
Any help would be greatly appreciated!
Danielle
0 Comments
[ + ] Show comments
Answers (2)
Please log in to answer
Posted by:
SMal.tmcc
8 years ago
You can still use ldap for the core of your users and add those extras manually and assign a role to them. They just show different in the user screen - missing the (ldap) after the name
Comments:
-
But I thought once you turn on LDAP authentication, it won't do local authentication anymore. I did manually add a user but when I tried to log in as that user, authentication failed. Because how would it know to look at the LDAP server or locally. I guess admin is just the exception. - County of Culpeper 8 years ago
-
You can also create a OU in your AD with no rights to anything in the domain for those guest users. If Policies do not allow that method create virtual domain with one or two DC's and add those guest users to it and also then add the domain to the Kace LDAP. - SMal.tmcc 8 years ago
-
It does seem this is the route to take. Thank you so much for all your help! - County of Culpeper 8 years ago
-
this also allows help desk to manage those accounts and your password reset to also work since it is a domain. We have 2 physical domains and one virtual domain. The 2 phy are for students and staff, the virtual is for outside accounts from other .edu entities and contractors. - SMal.tmcc 8 years ago
Posted by:
Druis
8 years ago
You can add user manually to the Kbox without them having to be in the LDAP. LDAP authentication is obviously handier for managing password differences.
Comments:
-
Thanks! But I need to use LDAP for the majority of users. Too many to keep up with passwords. Just a few users outside the domain that need to be able to enter tickets. Any other ideas??? - County of Culpeper 8 years ago
-
If there is a trust between domains you can use more than one LDAP query - Druis 8 years ago
-
What we have a VPN so that they can get to our network. What I was thinking was they open the VPN into our network. We use a Bomgar session for them to input their credentials for their LDAP authentication. Then with the VPN open, we import the users (and actually delete most of them, only want a few). Then the only time it needs to authenticate is when they would want to enter a ticket. Which they would open the VPN first to even reach our kbox. So at that point, wouldn't the kbox be able to authenticate against their AD? Or does the VPN really only let them into our network? I'm sorry, I am pretty new to all this and maybe am having a hard time understanding. Thanks so much for your help! - County of Culpeper 8 years ago
-
I have never user Bomgar so I can't comment on that. However if they are authenticating a VPN connection does Bomgar check the credentials against your AD or does it handle it's own Authentication? - Druis 8 years ago
-
Bomgar is just a remote control tool that lets both parties share desktops and control. That would just be so that they could type in their own credentials and not have to share them with me. It doesn't have anything to do with the VPN or AD. So ignoring Bomgar altogether, if someone at the school opens the VPN and I have their LDAP server and password set up in kace, could it import their users? And if so, when they want to open a ticket, they would first open the VPN to reach our kbox. But would it allow kace to authenticate against their AD? Thanks so much for taking the time to help me understand all this! - County of Culpeper 8 years ago
