PSIfusion User Directories are used to define connections to user repositories and instruct the system how users from those repositories should be authenticated and mapped into the application.
Each installation contains a default System Directory that is used to manage users that do not belong to an external directory. For smaller deployments, or deployments where an external directory is not available, additional users can be added to the system directory and managed here.
The System Directory does not require any configuration prior to use. One option that is available for System Directory user setup is to "Require user passwords satisfy password complexity rules". To set this, click on the Edit icon next to System Directory in the table as shown below.
This option gives administrators the ability to disable complexity checks when passwords are being set for users belonging to the system directory. By default this option is enabled, as shown in the screen shot below.
When complexity checks are enabled the following rules will be evaluated for each password change:
Passwords must be at least 6 characters in length
Passwords must contain at least one uppercase letter
Passwords must contain at least one lowercase letter
Passwords must contain at least one number
In addition to the built-in system directory, PSIfusion also supports external directories. External directories must conform to the Lightweight Directory Access Protocol Version 3 (LDAPv3) specification. While every effort has been made to ensure PSIfusion can be configured to work with any compliant LDAP directory, official support is currently only offered for the following systems:
Microsoft Active Directory
Configuring an external directory allows PSIfusion to delegate authentication and group and role mapping to the external system. The user experience for LDAP users and PSIfusion application users is identical; but by linking PSIfusion to your external directory administrators can avoid maintaining an additional set of user credentials, as well as gaining the ability to map the external directory groups hierarchy into PSIfusion as User Groups and Teams.
PSIfusion supports an unlimited number of external directories. This allows for very flexible mapping to the external infrastructure. A user directory can be created using a Microsoft Active Directory instance to authenticate one department, a Novell eDirectory instance to authenticate a group of external consultants, and users can be added directly to the system directory when use of an external directory is either not possible or not desired.
Another use for multiple external directories is to control which users in the organization will be mapped into PSIfusion. In larger organizations with extensive LDAP directories, or even smaller organizations with complex hierarchical structures; administrators can create a user directory that maps to subsections of the LDAP hierarchy, instead of connecting PSIfusion directly to the LDAP root. This allows administrators to link in a group of users from LDAP based on their container membership, which logically may be mapped to their physical location or home office, department within the company, etc.