Skip to main content
Skip table of contents

Active Directory IDP

Active Directory IDP types provide a connection to an Active Directory.

The Active Directory can be used for authentications (as an authentication method), and after the authentication with another IDP. The Active Directory can also be queried for additional user data (for attribute lookup for example).

About Attributes Lookup

This has to be configured on a different Identity Provider (Let's say: “IDP A”).  When configured, this Active directory can be used as a user information database. After a successful authentication to IDP A, the Active Directory will be queried for this user with the Technical Account (provided), requesting all the attributes which are configured on the Identity overview page of the Active Directory IDP.

Configure a custom Active Directory IDP

From the admin portal, go to Identity Providers tab > Custom AD IDP.

Field

Description

Display Name

The display name of the Identity Provider

If a known name is used (such as Facebook, Google, LinkedIn) the corresponding logo will automatically be provided.

Description

The Identity Provider description

Provisioning Workflow

Select a workflow that will be executed after the Authentication is complete. The workflows can be used, for instance, to provision users in a user database.

Type

“Active Directory”

Subject

Primary attribute that is used to identify the Subject

Manage Certificates

You can manage certificates from the Certificates configuration page. You can also add or import certificates from the Identity provider configuration.

  • Context → Defines what the certificate is used for.

    • Key - Signing: Used to sign messages to the IDP

    • Key - Encryption: Used to decrypt the messages (assertions) sent from the IDP

    • Key - TLS: Used to initiate a secure connection (TLS) to the IDP

    • Trust - Signing: Used to verify the signature of messages sent by the IDP

    • Trust - TLS: Used to accept a secure connection (TLS) from the IDP

  • Certificate Alias → The alias of the certificate to use for this context.

  • Used From → Defines from when this certificate may be used. In some cases these periods may overlap for the same context (eg. during a certificate renewal), but in other cases they may never overlap (Key - Signing, Key - TLS).

  • Used Until → Defines until when this certificate may be used.

See Certificates

Active Directory Server

IP Address (or hostname) to connect to the Active Directory Server

Port Number

Port number to connect to the Active Directory Server

Encryption Type

TLS: Use the TLS protocol to initiate a connection to the Active Directory Server
Start_TLS: Use the STARTTLS protocol to initiate a connection to the Active Directory Server

Netbios Domain Name

The (sub)domain name (without the extension) that will be used to look up the user for.

Technical Account User

Required for Attribute Lookup: an admin user account name to access more sensitive data on the active directory

Technical Account Password

Required for Attribute Lookup: an admin user account password to access more sensitive data on the active directory

Attribute Name for Subject

The attribute name that will be queried in the Active Directory for the authenticating user, that will be returned as the subject value.

Page Setting

Select the template to be used to display a 'log in with Active Directory'

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close