DivvyCloud supports Active Directory as an authentication server. This document describes how to configure DivvyCloud so that users authenticate against Active Directory when logging in.
You will need administrative credentials for your Active Directory instance.
To create an Active Directory Authentication Server:
1. Navigate to the Identity Management page, found under Administration on the left-side navigation menu. Select the Authentication Servers tab near the top of the window.
2. Click Add Server.
You may need to scroll through the dialog to access all input fields.
3. Enter a nickname of your choice, and then select ‘Active Directory’ for the Server Type.
4. For Server Host/IP, enter the hostname or IP address of the Active Directory server. This is often represented as ‘dc.yourdomain.com’. Do not include any protocol or port information here.
5. For Server Port, supply the port your Active Directory instance is configured to listen on. Port ‘389’ is supplied by default as it is the default Active Directory port. If your Active Directory is configured to use SSL, the default port is ‘636’. If your Active Directory instance has been configured to use any other port, supply that value here.
6. Select the Secure Server checkbox if your Active Directory instance has been configured to use SSL.
7. For Admin Username, enter the Distinguished Name (“DN”) of a user account with ‘bind’ privileges. The DN is usually represented as “CN=Your Name,OU=Your Organization,DC=YourCompanyName,DC=Com”.
8. For Admin Password, enter the password credential of the user account specified in Admin Username.
9. For Base User DN, enter the search base under which user accounts are located in the directory. Usually, this looks something like “CN=Users,DC=YourCompanyName,DC=Com”. It is important to provide the most specific search base possible. A search base of “DC=YourCompanyName,DC=Com” might work depending on how the directory was configured, but will result in inefficient lookups which are taxing to the Active Directory instance, and could result in timeouts while users attempt to authenticate.
10. If you have configured your Active Directory instance to use a ‘User Principal Name’, or your domain is configured to use explicit UPN names, supply the UPN suffix value in the UPN Suffix field. Note that this will preclude users from being able to authenticate into DivvyCloud using implicit suffixes, even if the Active Directory instance is configured to allow that.
We will verify that the credentials you submitted are correct when you click Submit and that the account provided has the required ‘bind’ privilege. If an error message appears, please check that the values you entered are correct for the Active Directory instance you are trying to authenticate to.
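The field rules in the steps above can be checked before the form is submitted. The following is an added Python example, not DivvyCloud code: the function and parameter names are hypothetical, the host check assumes a hostname or IPv4 address, and the DN parser is simplified (it splits on unescaped commas only).

```python
import re

def parse_dn(dn):
    """Split a DN into (ATTR, value) pairs; return [] if any component is malformed."""
    pairs = []
    for rdn in re.split(r"(?<!\\),", dn.strip()):  # split on unescaped commas
        m = re.fullmatch(r"\s*([A-Za-z][A-Za-z0-9-]*)\s*=\s*(.+?)\s*", rdn)
        if not m:
            return []
        pairs.append((m.group(1).upper(), m.group(2)))
    return pairs

# Parameter names are hypothetical labels for the form fields described above.
def check_ad_server_settings(host, port, secure, admin_dn, base_user_dn):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    # Server Host/IP: no protocol or port information.
    if "://" in host or "/" in host or re.search(r":\d+$", host):
        findings.append("host: remove protocol/port, enter only the hostname or IP")
    # Server Port must agree with the Secure Server checkbox (389 plain, 636 SSL).
    if port == 636 and not secure:
        findings.append("port: 636 is the SSL default but Secure Server is unchecked")
    if port == 389 and secure:
        findings.append("port: 389 is the non-SSL default but Secure Server is checked")
    if not secure:
        findings.append("secure: unchecked; a simple bind would send the Admin Password unencrypted")
    # Admin Username and Base User DN must both be well-formed DNs.
    for label, dn in (("admin_dn", admin_dn), ("base_user_dn", base_user_dn)):
        if not parse_dn(dn):
            findings.append(f"{label}: not a well-formed Distinguished Name")
    # Base User DN: a DC-only base searches the whole directory (slow lookups, timeouts).
    parts = parse_dn(base_user_dn)
    if parts and all(attr == "DC" for attr, _ in parts):
        findings.append("base_user_dn: DC-only base; add the CN/OU that holds user accounts")
    return findings

if __name__ == "__main__":
    # Constructed sample values, using the placeholder names from the steps above.
    for finding in check_ad_server_settings(
            "ldap://dc.yourdomain.com:389", 389, False,
            "CN=Your Name,OU=Your Organization,DC=YourCompanyName,DC=Com",
            "DC=YourCompanyName,DC=Com"):
        print(finding)
```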