Active Directory IDP types provide a connection to an Active Directory.
The Active Directory can be used for authentication (as an authentication method). It can also be used after authentication with another IDP, in which case it is queried for additional user data (for attribute lookup, for example).
About Attributes Lookup
This has to be configured on a different Identity Provider (say, “IDP A”). When configured, this Active Directory can be used as a user information database. After a successful authentication to IDP A, the Active Directory is queried for this user with the Technical Account provided, requesting all the attributes that are configured on the Identity overview page of the Active Directory IDP.
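The lookup described above amounts to an LDAP search keyed on the subject that IDP A returned. The sketch below is an added example, not the product's own code: it builds the search parameters for such a lookup and escapes the subject so it cannot alter the filter. The function names, the base DN, the sample subjects and the use of sAMAccountName as the lookup attribute are assumptions.

```python
import re

# RFC 4515: characters that must be escaped inside an LDAP filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
# RFC 4512 short attribute names: a letter, then letters, digits or hyphens.
_ATTR_NAME = re.compile(r"[A-Za-z][A-Za-z0-9-]*")


def escape_filter_value(value):
    """Make a string safe to place inside an LDAP filter as a literal."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def account_name(subject, netbios_domain):
    """Strip an optional 'DOMAIN\\' prefix; reject subjects from another domain."""
    domain, sep, account = subject.rpartition("\\")
    if sep and domain.upper() != netbios_domain.upper():
        raise ValueError("subject belongs to a different domain")
    if not account:
        raise ValueError("empty account name")
    return account


def build_lookup(subject, netbios_domain, base_dn, attributes,
                 lookup_attribute="sAMAccountName"):
    """Return the search parameters for one user's attribute lookup."""
    # Attribute names come from configuration; validate them as well.
    for name in [lookup_attribute, *attributes]:
        if not _ATTR_NAME.fullmatch(name):
            raise ValueError(f"invalid attribute name: {name!r}")
    value = escape_filter_value(account_name(subject, netbios_domain))
    return {
        "search_base": base_dn,
        "search_filter": "(&(objectCategory=person)(objectClass=user)"
                         f"({lookup_attribute}={value}))",
        "attributes": list(attributes),
    }


if __name__ == "__main__":
    # Constructed sample values; the second subject contains filter metacharacters.
    for subject in (r"CORP\jdoe", "*)(objectClass=*"):
        print(build_lookup(subject, "CORP", "DC=corp,DC=example,DC=com",
                           ["mail", "memberOf"]))
```

Requesting only the listed attributes, rather than all of them, limits what the Technical Account's elevated read access can return for a given user.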
Configure a custom Active Directory IDP
From the admin portal, go to the Identity Providers tab > Custom AD IDP.
The display name of the Identity Provider
If a known name is used (such as Facebook, Google, LinkedIn) the corresponding logo will automatically be provided.
The Identity Provider description
Select a workflow that will be executed after the Authentication is complete. The workflows can be used, for instance, to provision users in a user database.
Primary attribute that is used to identify the Subject
You can manage certificates from the Certificates configuration page. You can also add or import certificates from the Identity provider configuration.
Active Directory Server
IP Address (or hostname) to connect to the Active Directory Server
Port number to connect to the Active Directory Server
TLS: Use the TLS protocol to initiate a connection to the Active Directory Server
Netbios Domain Name
The (sub)domain name (without the extension) that will be used to look up the user.
Technical Account User
Required for Attribute Lookup: an admin user account name to access more sensitive data on the Active Directory
Technical Account Password
Required for Attribute Lookup: an admin user account password to access more sensitive data on the Active Directory
Attribute Name for Subject
The attribute name that will be queried in the Active Directory for the authenticating user and returned as the subject value.
Select the template to be used to display a 'log in with Active Directory'