AD Authentication Settings
This page enables you to define how your system communicates with Active Directory (AD) by configuring its list of known Active Directory forests.
You would do this:
- As a precursor to defining AD users in the Gateway, or
- Prior to linking an AD group to a Gateway role.
Add an Active Directory forest to the system or modify an existing entry
- Visit the AD Authentication Settings page via the System > System Settings > AD Authentication Settings menu sequence.
- Either click New, or select an existing Active Directory forest then click Edit. The Modify Active Directory Forest page is displayed.
| The system does not recognize any existing trust relationships that you may have established between your Active Directory forests. You must add all relevant forests explicitly. |
How do I...
- Change the Overview details?
The Overview area enables you to provide a name and optional notes for an Active Directory forest entry. To edit these details:
- Move the mouse pointer over the Overview area and click Click here to change these settings.
- Edit the Name if required.
- Edit the Notes if required.
- Click Save.
- Change the Global Catalog information?
The Global Catalog area allows you to configure how your system communicates with one or more Active Directory Global Catalogs for authentication and user-access management. To edit these details:
- Move the mouse pointer over the Global Catalog area and click Click here to change these settings.
- Edit the Forest root domain. This must be the root domain of the forest, not a child domain.
- Edit the Use Global Catalog(s) field. For resilience, you can enter multiple Global Catalogs, separating their names with commas. The system tries them in order until one responds. Click Scan for Global Catalogs to explore and select from a list of available Global Catalogs. To use this feature, you need to ensure that the Gateway DNS server forwards to the forest DNS server. Alternatively, you can type in the name of the Global Catalog(s) manually.
- Check the Use SSL for communications between the Gateway and Global Catalog check box if required. This is enabled by default and is recommended.
- Click Save.
- Change the Username and Password?
The Username & Password area enables you to modify the credentials used by the system to authenticate the LDAP connections it makes to the Global Catalog, which must be configured correctly before you can make changes.
It is strongly recommended that you use an account with password expiry disabled. To edit these details:
- Move the mouse pointer over the Username & Password area and click Click here to change these settings.
- Edit the User Name.
- Edit the Password.
- Click Save.
- To check that the Username and Password are valid, click the Test Authentication task in the What would you like to do? panel.
| This configuration process is entirely separate from a similar procedure performed when configuring PMM. |
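Before entering names in the Use Global Catalog(s) field with SSL enabled, you can check from an admin workstation which entry in your list would be the first to respond. The script below is an added example, not part of the product: it assumes the standard Global Catalog SSL port 3269 (this page does not state which port the Gateway uses), it verifies certificates against the local machine's trust store rather than the Gateway's, and the host names are constructed samples.

```python
import socket
import ssl

GC_LDAPS_PORT = 3269  # assumption: standard Global Catalog over SSL port


def parse_gc_field(field):
    """Split a comma-separated Global Catalog list, keeping the entered order."""
    seen, ordered = set(), []
    for name in field.split(","):
        host = name.strip().rstrip(".").lower()
        if host and host not in seen:  # skip blanks and repeated entries
            seen.add(host)
            ordered.append(host)
    return ordered


def tls_probe(host, port=GC_LDAPS_PORT, timeout=5.0):
    """Return (True, TLS version) if host completes a verified TLS handshake."""
    ctx = ssl.create_default_context()  # checks certificate chain and host name
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return True, tls.version()
    except ssl.SSLCertVerificationError as exc:
        return False, "certificate rejected: " + exc.verify_message
    except (OSError, ssl.SSLError) as exc:  # DNS failure, refusal, timeout
        return False, "unreachable: " + str(exc)


def first_responding(field, probe=tls_probe):
    """Try each entry in order until one responds; record every attempt."""
    attempts = []
    for host in parse_gc_field(field):
        ok, detail = probe(host)
        attempts.append((host, ok, detail))
        if ok:
            return host, attempts
    return None, attempts


if __name__ == "__main__":
    # Constructed sample value; replace with your own Global Catalog names.
    chosen, log = first_responding("gc1.corp.example, gc2.corp.example")
    for host, ok, detail in log:
        print(("OK   " if ok else "FAIL ") + host + "  " + detail)
    print("first responding Global Catalog:", chosen)
```

A "certificate rejected" result for every entry points to a certificate or naming problem on the Global Catalogs, while "unreachable" results point to DNS forwarding or firewall issues.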