
Overview

ADS (Accops Directory Server) is a proxy between an Application Server and an Active Directory. It is also referred to as the LDAP proxy server or S-LDAP server. Acting as a proxy server, the ADS module adds MFA as an additional authentication layer. Several MFA options are available, e.g., Mobile Token and Push Notification.

Prerequisite

There are two ways of logging in to the Application UI when the Accops ADS module is configured:

  1. Using OTP as a Password - The user provides a username but enters an OTP instead of a password. The OTP is a six-digit code generated and forwarded to the user's mobile device via the HyID Application. Refer to the diagram for a detailed flow.

  2. Push Notification - A notification is initiated on the user's device when the user enters the correct username and password. An OTP is not required; the user enters only the password.

    Note

    DMS server installation and configuration will be required if you are using this option.

Let's understand the Application login flow, both when the application is connected directly with the Active Directory or LDAP server and when it is integrated with Accops ADS and MFA. In the diagram below, Application A requires MFA, and Application B requires authenticating the user directly with the Active Directory.

Use Case - Application A, where MFA is required

  1. First, the request hits the web server, and the user is prompted for credentials.
  2. The credentials are forwarded to the application server for authentication. We have configured the Accops ADS server as the authentication server for "Application A."
    • When the credentials reach the Accops ADS server, the Accops HyID module validates the OTP, and the username and password are validated with Active Directory, since Accops ADS is already connected to the Active Directory/LDAP server and acts as a proxy.
    • Once the HyID receives a confirmation for username and password, the application will get a successful login message, and the user will be logged in. 
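
The Application A decision flow above, modelled in Python for both login options (an added example, not Accops code). The in-memory dictionaries, the function names and passing the OTP as a separate argument are assumptions; how the real product carries the OTP inside the LDAP request is not specified on this page.

```python
import hmac

# Constructed sample data; the dicts stand in for external services.
DIRECTORY = {"alice": "S3cret!pw", "bob": "hunter2!pw"}  # Active Directory/LDAP
CURRENT_OTP = {"alice": "492817"}                        # HyID token check
PUSH_REPLY = {"alice": "approve", "bob": "deny"}         # reply from the user's device


def _same(expected, supplied):
    """Constant-time comparison that also rejects a missing value."""
    if expected is None or supplied is None:
        return False
    return hmac.compare_digest(expected.encode(), supplied.encode())


def ad_bind(user, password):
    """The username/password check the proxy forwards to the directory."""
    return _same(DIRECTORY.get(user), password)


def proxy_login(user, password, mode, otp=None, push_log=None):
    """Return (allowed, reason); every path that is not a full success denies."""
    if mode == "otp":
        # Both checks must pass: the OTP at the proxy, the credentials at AD.
        if not _same(CURRENT_OTP.get(user), otp):
            return False, "otp_rejected"
        if not ad_bind(user, password):
            return False, "ad_rejected"
        return True, "ok"
    if mode == "push":
        # A push is initiated only after the directory accepts the password,
        # so a caller without the password cannot trigger prompts on the device.
        if not ad_bind(user, password):
            return False, "ad_rejected"
        if push_log is not None:
            push_log.append(user)
        if PUSH_REPLY.get(user) != "approve":
            return False, "push_not_approved"
        return True, "ok"
    return False, "unknown_mode"


if __name__ == "__main__":
    sent = []
    print(proxy_login("alice", "S3cret!pw", "otp", otp="492817"))
    print(proxy_login("alice", "wrong", "push", push_log=sent), sent)
    print(proxy_login("bob", "hunter2!pw", "push", push_log=sent), sent)
```

The reason strings are the kind of value worth logging at the proxy: repeated `push_not_approved` results following a correct password point to a password that is known to someone other than the device holder.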

Use Case - Application B, where MFA is not required

  1. First, the request hits the web server, and the user will be prompted for a username and password.
  2. The credentials are forwarded to the Application Server for authentication. We have configured the Active Directory/LDAP server as the authentication server for "Application B."
    • When the credential reaches Active Directory, the user will be authenticated via Active Directory with any configured MFA.

For detailed configuration of AD/LDAP click here.