InsightCloudSec Docs

Welcome to the InsightCloudSec Docs!

InsightCloudSec by Rapid7 (formerly DivvyCloud) is a Cloud-Native Security Platform that provides real-time analysis and automated remediation for continuous security and compliance for your multi-cloud environment.

For questions reach out to us through [email protected].


Active Directory

Instructions for Configuration of Microsoft Active Directory as an Authentication Server with InsightCloudSec

Overview

InsightCloudSec supports using Microsoft Active Directory authentication as a valid authentication server. This page provides details for configuring InsightCloudSec for use with Active Directory. For details on Azure Active Directory, check out the Azure Active Directory docs.

Prerequisites

Before getting started, you will need the following:

  • A functioning InsightCloudSec platform
  • Appropriate InsightCloudSec permissions (Domain Admin or Org Admin)
  • Administrative credentials to your Active Directory instance

For questions or issues reach out to [email protected].

Active Directory & Just In-Time Provisioning

For instructions specific to setting up an Authentication Server for Active Directory and enabling Just In-Time Provisioning refer to our Active Directory - Just In-Time User Provisioning page.

Active Directory Authentication Server Setup

Refer to the steps outlined below to create an Active Directory Authentication Server:

1. Navigate to "Administration --> Identity Management" and select the "Authentication Servers" tab.

2. Click the "Add Server" button to launch the form.

Add an Authentication Server

3. Complete the "Create Authentication Server" form as follows:

  • Nickname: Provide a nickname for the Active Directory server.
  • Select Server Type: Select "Active Directory" from the drop-down server type menu.
  • Global Scope Checkbox: Select the Global Scope checkbox if you want to use this server across all of your Organizations.
  • Server Host/IP: Provide the server hostname or IP address of the Active Directory server.
    • This is often represented as ‘dc.yourdomain.com’. Do not include any protocol or port information here.
  • Port Number: Provide the Port number (the port for which your Active Directory instance is configured).
    • Port ‘389’ is the default Active Directory port.
    • If your Active Directory is configured to use SSL, the default port is ‘636’.
    • If your Active Directory instance has been configured to use any other port, supply that value here.

Create Authentication Server - Active Directory Example

4. Configuration continued

  • Secure Server Checkbox: Select the "Secure Server" checkbox if your Active Directory instance has been configured to use SSL.

    • Provide an "Admin Username": enter the Distinguished Name (“DN”) of a user account with ‘bind’ privileges. The DN is usually represented as “CN=Your Name,OU=YourOrganization,DC=YourCompanyName,DC=Com”.
    • Provide the corresponding password for the given Admin Username.
  • Base User DN: The Base User DN is the search string applicable to where user accounts are situated within the directory.

    • Usually, this looks something like “CN=Users,DC=YourCompanyName,DC=Com”.
    • Note: It is important here to provide the most specific possible search string. A search string of “DC=YourCompanyName,DC=Com” might work depending on how the directory was configured but will result in inefficient lookups which are taxing to the Active Directory instance and could result in timeouts while users attempt to authenticate.
  • UPN Suffix: If you have configured your Active Directory instance to use a ‘User Principal Name’, or your domain is configured to use explicit UPN names, supply the UPN suffix value.

    • Note that this will preclude users from being able to authenticate into InsightCloudSec using implicit suffixes, even if the Active Directory instance is configured to allow that.

Create Authentication Server - Active Directory Example Continued

Enable periodic user provisioning

The two checkboxes in the form section labelled "Enable periodic user provisioning" enable Just In-Time User Provisioning (Authentication Server Support).

For instructions specific to setting up an Authentication Server for Active Directory and enabling Just In-Time Provisioning refer to our Active Directory - Just In-Time User Provisioning page.

5. Click "Submit" once you have completed the form.

  • InsightCloudSec will verify that the credentials you submitted are correct and that the account provided has the required ‘bind’ privilege.
  • If an error message appears, please check that the values you entered are correct for the Active Directory instance in which you are trying to authenticate.
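
The following pre-submit check is an added example, not part of InsightCloudSec or its documentation. It lints the values you plan to enter in the form against the guidance in steps 3 and 4 (bare host, port matching the Secure Server checkbox, well-formed DNs, a specific Base User DN). The dictionary keys (`host`, `port`, `secure`, `admin_dn`, `base_user_dn`) are hypothetical names for the form fields, and the sample values are constructed from this page's placeholders.

```python
import re

def split_dn(dn):
    """Split a DN into (ATTR, value) pairs; a backslash-escaped comma stays in the value."""
    rdns = []
    for part in re.findall(r"(?:\\.|[^,\\])+", dn):
        attr, sep, value = part.strip().partition("=")
        if not (sep and attr.strip() and value.strip()):
            raise ValueError(f"malformed component {part.strip()!r}")
        rdns.append((attr.strip().upper(), value.strip()))
    if not rdns:
        raise ValueError("empty DN")
    return rdns

def preflight(cfg):
    """Return findings for the form values in cfg (hypothetical key names)."""
    findings = []
    host = cfg["host"]
    has_port = host.count(":") == 1 and host.rsplit(":", 1)[1].isdigit()
    if "://" in host or "/" in host or has_port:
        findings.append("host: use a bare hostname or IP, no protocol or port")
    if cfg["secure"] and cfg["port"] == 389:
        findings.append("port: Secure Server checked but port is 389; SSL default is 636")
    if not cfg["secure"]:
        if cfg["port"] == 636:
            findings.append("port: 636 is the SSL port but Secure Server is unchecked")
        findings.append("secure: without SSL a simple LDAP bind sends the password in cleartext")
    for field in ("admin_dn", "base_user_dn"):
        try:
            attrs = [attr for attr, _ in split_dn(cfg[field])]
        except ValueError as exc:
            findings.append(f"{field}: {exc}")
            continue
        if "DC" not in attrs:
            findings.append(f"{field}: no DC components, expected a full DN")
        elif field == "base_user_dn" and set(attrs) == {"DC"}:
            findings.append("base_user_dn: domain root only; narrow to the users container")
    return findings

# Constructed sample values, based on the placeholders used on this page.
ADMIN = "CN=Your Name,OU=YourOrganization,DC=YourCompanyName,DC=Com"
WEAK = {"host": "ldap://dc.yourdomain.com:389", "port": 636, "secure": False,
        "admin_dn": ADMIN, "base_user_dn": "DC=YourCompanyName,DC=Com"}
FIXED = {"host": "dc.yourdomain.com", "port": 636, "secure": True,
         "admin_dn": ADMIN, "base_user_dn": "CN=Users,DC=YourCompanyName,DC=Com"}

if __name__ == "__main__":
    for name, cfg in (("WEAK", WEAK), ("FIXED", FIXED)):
        print(name, preflight(cfg) or "no findings")
```

A custom port is not flagged, since the page allows any port your Active Directory instance is configured to use.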

Updated 4 days ago
