About the Active Directory® Login Method

Active Directory® can serve as the primary source for maintaining information about the users on your network. Active Directory® Authentication allows you to manage CCH Axcess user data through Active Directory®.

Notes:

  • Your firm must already be set up to use the Active Directory® login method. Firms using the CCH Axcess or Federation Services method cannot change to the Active Directory® method.
  • CCH Axcess defaults to using a secure connection to read from Active Directory®. If your server cannot support secured connections, you must modify the CCH Axcess settings to revert to a standard connection.

Active Directory® does the following:

  • Automatically signs users in to CCH Axcess when they log in to their AD network and then opens CCH Axcess.
  • Synchronizes staff on schedule.
  • Logs in to CCH Axcess outside the firm’s network using a VPN connection.

We also recommend that you do the following:

  • Create and manage users in Active Directory® only.
  • Create a service account in the domain with read-only access to Active Directory® data. This service account user ID and password will be used to run the scheduled synchronization task.
  • Allow sufficient time or set aside a later time to synchronize and import your firm’s users, because the time needed to perform the initial Active Directory® user synchronization is dependent upon various factors, including the number of users in your firm.
  • For all new users imported manually from Active Directory® in Staff Manager or through the synchronization process, you must grant access to modules, functions, clients, and other items. See Setting Up Security for specific details.

Please take special note of the following:

  • Ensure that all users have exited all CCH Axcess applications prior to switching to Active Directory® authentication.
  • Never remove the designated administrator account from the CCH Axcess group in Active Directory®, and use caution when removing other users from the CCH Axcess group in Active Directory®.
  • Do not deactivate the user in Active Directory® that is linked to the default administrator profile in Active Directory® as you may be disabling the only person with full rights.
  • If all users who have rights to Active Directory® Integration, including the default administrator, are unlinked in CCH Axcess, there will be no way to re-link users, because anyone with the permissions required to perform the integration will also be unlinked.