Add an Authentication Configuration – Active Directory

Use the following procedure to add an Active Directory authentication configuration:

1.  Select Authentication Setup from the Security section of the Setup menu. The Authentication Setup page is displayed.

2.  Click Add.

3.  Complete the following fields:

     • Authentication Type – Select Active Directory from the drop-down menu.

     • Name – Enter a name for the authentication configuration.

     • Priority – Enter a number that defines the order in which this authentication is performed relative to the other authentication configurations. When multiple user authentication providers are enabled, ResCenter verifies user information with each provider in turn, working down the list. The list is ordered from the lowest number (first) to the highest number (last). The default ResCenter provider is always checked last and cannot be edited or disabled. Any user name is therefore checked first against the defined, enabled providers, and only then against the ResCenter provider.

     • Scheme – Select either LDAP or LDAPS from the drop-down menu. LDAP is the standard protocol and does not encrypt the connection. LDAPS (LDAP over SSL) encrypts it, and selecting LDAPS may require additional configuration based on the network configuration.

     • Host – Enter the fully qualified domain name or IP address of the LDAP server to search.

     • Port – Enter the port to use when accessing the directory Host machine. Use 389 for LDAP or 636 for LDAPS.

     • DIT Root – Enter parameters to define the scope of the Active Directory. This is the branch of the Active Directory tree that is used as the base when searching for users. Enter an LDAP query based on your Active Directory structure. For example:

For example.com, enter dc=example,dc=com.

Contact your institution’s IT department for more information, if necessary.

     • Search Filter – This value is the LDAP query that narrows the results returned during the search and authentication processes. During authentication, the query is combined with the username to look up the current user. It is helpful if users are assigned to a group in Active Directory, which forms the basis for the search filter. The default value is (objectClass=user).

     • Domain – This value is the part of the fully-qualified username after the @. The supplied User ID and Domain are combined to form the fully-qualified username during authentication. The default value is example.com.

     • User ID Property (Import) – This value is the Active Directory property that represents the ResCenter user name. The default value is sAMAccountName.

     • Bind Principal Property – This is the Active Directory attribute that defines the fully-qualified username (e.g. joe@example.com). The default value is userPrincipalName. This field is used during the log-in process.

4.  To make the user authentication provider available for use, check the Enabled check box.

5.  Click Save.

After adding an Active Directory configuration, each user must be connected to the configuration via Setup > Security > Users.
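
The following pre-flight check is an added example, not ResCenter code: it assembles the connection URI, search base, bind principal and lookup filter that the field values in step 3 imply, so they can be reviewed before saving. How ResCenter combines the Search Filter with the username is an assumption here (an AND with the Bind Principal Property), and the host name dc01.example.com and all function and key names are constructed for illustration.

```python
# RFC 4515 escapes for characters that are special inside an LDAP filter value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
DEFAULT_PORTS = {"LDAP": 389, "LDAPS": 636}

def escape_filter_value(value):
    """Escape a user-supplied value so it cannot alter the filter structure."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)

def domain_to_dit_root(domain):
    """example.com -> dc=example,dc=com (a DIT Root covering the whole domain)."""
    return ",".join("dc=" + label for label in domain.split("."))

def balanced(search_filter):
    """Cheap sanity check that the parentheses in the Search Filter pair up."""
    depth = 0
    for ch in search_filter:
        depth += (ch == "(") - (ch == ")")
        if depth < 0:
            return False
    return depth == 0

def preview(cfg, user_id):
    """Return the values a log-in lookup for user_id would use, plus warnings."""
    warnings = []
    if cfg["scheme"] not in DEFAULT_PORTS:
        raise ValueError("Scheme must be LDAP or LDAPS")
    if cfg["port"] != DEFAULT_PORTS[cfg["scheme"]]:
        warnings.append("port %d is not the usual port for %s" % (cfg["port"], cfg["scheme"]))
    if cfg["scheme"] == "LDAP":
        warnings.append("LDAP is unencrypted; a simple bind sends the password in clear text")
    if not (cfg["search_filter"].startswith("(") and balanced(cfg["search_filter"])):
        raise ValueError("Search Filter is not a well-formed LDAP filter")
    principal = "%s@%s" % (user_id, cfg["domain"])  # User ID + Domain
    return {
        "uri": "%s://%s:%d" % (cfg["scheme"].lower(), cfg["host"], cfg["port"]),
        "base": cfg["dit_root"],
        "bind_principal": principal,
        # Assumed combination: Search Filter AND (Bind Principal Property = principal).
        "filter": "(&%s(%s=%s))" % (cfg["search_filter"], cfg["bind_principal_property"],
                                     escape_filter_value(principal)),
        "warnings": warnings,
    }

# Constructed sample configuration using the default values named in step 3.
SAMPLE = {"scheme": "LDAPS", "host": "dc01.example.com", "port": 636,
          "dit_root": domain_to_dit_root("example.com"),
          "search_filter": "(objectClass=user)", "domain": "example.com",
          "bind_principal_property": "userPrincipalName"}
```

Calling preview(SAMPLE, "joe") shows the exact base and filter to compare against the directory structure with your IT department before enabling the provider.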