LDAP
Users logging on to BusinessPlus may be authenticated using BusinessPlus user security settings or against an external LDAP server. BusinessPlus security is set up in NU Manage Users, while LDAP authentication is set up in the Connection Manager. Starting with release 19.12.5, the following authentication rules apply.
LDAP is not compatible with single sign-on (SSO). Only one of the two authentication methods can be applied.
LDAP Enabled
If LDAP is enabled, the system attempts to authenticate the user in LDAP/Active Directory. Upon successful login, the process receives the BusinessPlus NU Manage Users (Nucleus) ID from LDAP. This ID is used to load user permissions for BusinessPlus. However, if the BusinessPlus Nucleus ID is not valid, the authentication fails, even if the user login was successful in LDAP/AD.
If LDAP user login is successful and the BusinessPlus Nucleus ID is valid, the user is granted access to BusinessPlus. The process does not check if the BusinessPlus Nucleus ID is locked or inactive in NU Manage Users.
If LDAP authentication fails and the user does not have a password set in NU Manage Users, no access is granted. The process does not attempt to authenticate against the NU Manage Users record and does not lock the account for the failed attempt.
If LDAP authentication fails and the user does have a password set in NU Manage Users, the user is treated as a BusinessPlus Nucleus user. The process authenticates against their NU Manage Users record and all regular rules (for example, password locking and counting the number of login attempts) apply.
LDAP Not Enabled
If LDAP is not enabled, regular BusinessPlus authentication takes place using NU Manage Users settings.
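The rules above can be written as a decision function and used to review accounts. This is an added example, not BusinessPlus code: the `Account` fields, function names, finding labels and sample records are constructed, and it assumes the regular Nucleus rules reject a locked or inactive ID.

```python
from dataclasses import dataclass

@dataclass
class Account:                  # constructed model, not the BusinessPlus schema
    nucleus_id: str
    valid_in_nu: bool           # ID exists in NU Manage Users
    locked_or_inactive: bool    # lock/inactive state in NU Manage Users
    has_nu_password: bool       # a password is set in NU Manage Users

def login_outcome(acct, ldap_enabled, ldap_ok, nu_password_ok):
    """Return (granted, path) for one login attempt under the rules above."""
    if ldap_enabled and ldap_ok:
        # Only the validity of the Nucleus ID returned by LDAP is checked;
        # the NU lock/inactive state is not consulted on this path.
        return (acct.valid_in_nu, "ldap")
    if ldap_enabled and not acct.has_nu_password:
        # No fallback to NU, and the failure does not count toward lockout.
        return (False, "ldap-only")
    # LDAP disabled, or LDAP failed for an account with an NU password:
    # regular NU rules apply (assumed here to reject locked/inactive IDs).
    ok = acct.valid_in_nu and nu_password_ok and not acct.locked_or_inactive
    return (ok, "nucleus")

def audit(accounts, ldap_enabled=True):
    """List account states worth reviewing while LDAP is enabled."""
    findings = []
    for a in accounts if ldap_enabled else []:
        if a.valid_in_nu and a.locked_or_inactive:
            # An NU lock alone does not stop an LDAP login for this ID.
            findings.append((a.nucleus_id, "nu-lock-not-enforced-on-ldap-path"))
        if a.has_nu_password:
            # A failed LDAP login falls through to NU password authentication.
            findings.append((a.nucleus_id, "nu-password-fallback"))
    return findings

# Constructed sample records.
ACCOUNTS = [
    Account("AJONES", True, False, False),
    Account("BSMITH", True, True, False),
    Account("SVCBATCH", True, False, True),
]

if __name__ == "__main__":
    print(login_outcome(ACCOUNTS[1], True, True, False))  # locked in NU, LDAP ok
    for finding in audit(ACCOUNTS):
        print(finding)
```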