Azure Active Directory
When setting up Active Directory, you can set up multiple domains that will drive the authentication as part of the setup, and you can add more domains as needed after this.
Since Active Directory can include a number of domains, the Authentication page is split into two panels:
- The current list of domains is displayed at the top of the page.
- The details for a single domain are shown at the bottom of the page. This panel is only shown where a domain is selected at the top of the page (edit domain) or when you click Add Domains to create a new domain.
For details of the fields you can see on this page, see Authentication Provider (below).
Managing Active Directory
The Authentication Providers can be seen in the Security > Authentication page of the administration console. You can click Change Provider to move to Active Directory from another authentication provider (for example, from database to Active Directory after initial installation).
Initial Setup
On installation, the internal "database" Authentication Provider is set up with the details supplied. To change the Authentication Provider to Active Directory, you need to: 1) set up your Active Directory, 2) use the Change Provider page to select Active Directory, and 3) create the initial settings and first domain or domains.
Note: Set the Active Directory forest as the default domain to enable UPN login for all the users in the Active Directory forest.
Subsequent Domain Setup
Once you are using Active Directory, you can add more domains to the Active Directory framework at any time, by clicking Add Domain in the top-right corner and supplying details of the new domain.
Editing Active Directory
You can edit the details of your Active Directory and its domains over time:
- Fix details of the existing domains by selecting the domain in the top panel and editing its details in the bottom panel.
- Add a new domain by clicking Add Domain and supplying details of the new domain and domain user.
- Change which domain is the default, by changing which checkbox is selected in the Default column of the top panel.
Changing Provider
If you want to move from one authentication provider to another, you cannot simply edit the details in the Authentication Provider page. You need to use the specialized Change Provider function to model your new details, even where your provider type or vendor remains the same. For more information, see .
Active Directory Settings
- LDAP Address: The LDAP address in the format LDAP://DC=X,DC=Y,DC=z.
- Domain Name: The NetBIOS domain name. The domain is usually a short name. Typically, it's the "X" in the LDAP address.
- Port: The LDAP server port. Usually, 389.
Shown only in the Domain Settings list:
- Default: Select the checkbox to indicate the default domain. The default domain is used when performing look-ups for new user accounts. It is also used to attempt user authentication when the user ID provided in the authentication process does not include a domain designation.
- Secured: Indicate if you are using the "LDAPS" protocol. Click here for more information on setting up Azure with secure LDAP.
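The following Python sketch is an added example, not part of the product or its documentation. It checks a planned set of domain entries against the settings described above before they are typed into the console. The dictionary keys, the sample domains and the one-default rule are assumptions made for illustration.

```python
import re

# Constructed sample; keys are assumed names mirroring the field labels on this page.
SAMPLE_DOMAINS = [
    {"domain_name": "CORP", "ldap_address": "LDAP://DC=corp,DC=example,DC=com",
     "port": 636, "secured": True, "default": True},
    {"domain_name": "LAB", "ldap_address": "LDAP://DC=research,DC=example,DC=com",
     "port": 389, "secured": False, "default": True},
]

# Matches the documented address form LDAP://DC=X,DC=Y,DC=Z.
LDAP_ADDRESS = re.compile(r"^LDAP://(DC=[A-Za-z0-9-]+(?:,DC=[A-Za-z0-9-]+)*)$", re.IGNORECASE)


def parse_ldap_address(address):
    """Return the DC values of an LDAP://DC=... address in order, or None if malformed."""
    match = LDAP_ADDRESS.match(address.strip())
    if match is None:
        return None
    return [part.split("=", 1)[1] for part in match.group(1).split(",")]


def lint_domains(domains):
    """Return (domain_name, finding) tuples; '*' marks a finding about the whole list."""
    findings = []
    defaults = [d["domain_name"] for d in domains if d["default"]]
    if len(defaults) != 1:  # assumption: one domain carries the Default checkbox
        findings.append(("*", f"expected one default domain, found {len(defaults)}"))
    for d in domains:
        name = d["domain_name"]
        dcs = parse_ldap_address(d["ldap_address"])
        if dcs is None:
            findings.append((name, "LDAP address is not in LDAP://DC=X,DC=Y,DC=Z form"))
        elif dcs[0].lower() != name.lower():
            findings.append((name, f"domain name differs from first DC value '{dcs[0]}'"))
        if not d["secured"]:
            findings.append((name, "Secured is off, so LDAPS is not used for this domain"))
        elif d["port"] == 389:
            findings.append((name, "Secured is on but the port is 389, the usual LDAP port"))
    return findings


if __name__ == "__main__":
    for name, finding in lint_domains(SAMPLE_DOMAINS):
        print(f"{name}: {finding}")
```

The domain-name finding is advisory only, since the page says the name is typically, not always, the first component of the LDAP address.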
Domain User Settings
A domain user account that the application uses to log in to the domain and check user credentials. (This user is usually part of the domain itself, but it can be another user from a different domain in the forest if needed.)
- User Name: The name of an account with rights to traverse the LDAP database.
- Password: The user's password.
- Use a different domain: If the user that has access to this domain is not part of this domain in the setup, select the Use a different domain checkbox and supply a Domain name.
Note: There is a Test button in the header of the Add Domain panel, which checks that there is a domain at the given address and tests login using the Domain User.
Initial user
- User Name: The name of the initial user.
- Test: Click to perform the handshake using the initial user.