Authors: Katerina Burlaka and Andrey Shevchenko, CRM Consultants
As we are open to new challenges in order to make the work of our Customers easier and more efficient, we’ve got down to the improvement of the basic synchronization of SugarCRM and Active Directory that was implemented earlier into our Customer’s system (to be specific, in this example, we are talking about the implementation in the global IT company Ciklum).
To begin with, let’s consider the bright side of the basic synchronization of SugarCRM and Active Directory. SugarCRM can be configured to accept Lightweight Directory Access Protocol (LDAP) authentication if the organization has implemented Active Directory authentication. When users in the system attempt to log into the CRM system, the application authenticates them against Active Directory. If authentication is successful, the user is allowed to log into Sugar. If the authentication is unsuccessful, the system blocks the user’s attempt to log in (in case if only LDAP option is enabled in user’s profile).
What is needed is just to add a user to Active Directory for the purpose of authenticating from SugarCRM to Active Directory to read the LDAP. The user should be a service account that needs read-only access to Active Directory.
Amidst the constantly developing business environment and evolving Customer’s needs and requirements, it became necessary for our Customer to improve the basic synchronization of SugarCRM and Active Directory, namely, to enhance the flexible procedure of User creation in the CRM system.
Basically, such customization was aimed at eliminating the human factor in the process of user management within the CRM system.
Actually, there are many things to be said in favour of this SugarCRM customization.
1. Now the Customer has got the possibility to control the number of active licenses for system users, and so preventing the case of active system usage by “ghost employees”.
2. The system now will take care of those system users who have been dismissed so that these users won’t have the access to the company’s data after their leaving. What is important is that the risks of the company’s information leakage have been reduced.
3. The process of user management within the CRM system was simplified – now it’s enough just to create or delete a user in/from Active Directory catalogue and the updated information on the user will get inside the CRM system.Moreover, as soon as Active Directory controls several systems at the same time – now there is no need to control users in the CRM system, in particular. Another good fact is that now it takes neither time nor any resources for creating or deleting the users inside the CRM system – the information on the users is always up-to-date.
4. CRM system security has been enhanced – all the users are always under control of System administrators, all the information is stored in the General Catalogue.
5. As soon as a new user has been created or a user has been deleted – the notification with the relevant information is sent to the certain e-mail address. Moreover, there is a possibility to send such a notification to more than 1 email-address. Also this notification contains the warning that the records that the deactivated user was assigned to should be manually reassigned to another user by the System Administrator.
6. The flexible accessibility setup has been implemented for newly created users.
7. The control of users in the system is performed as soon as possible, within a very short period of time and what is great – the procedure doesn’t load the system at all.
It should be noted that all the customizations have been implemented in upgrade-safe manner and so it doesn’t require any further support.
From these arguments we may conclude that the improvements to the basic synchronization of SugarCRM and Active Directory are efficient and really helped the Customer in managing the users within the CRM system and so, made the work of System Administrators more convenient.
Want to enhance your SugarCRM?