AD/LDAP Server

Authentication Servers

Besides having a local database of users who can authenticate to HySecure, you can configure authentication servers that integrate with LDAP-based directories such as Active Directory, or with RADIUS-based authentication systems. Once configured, these Authentication Servers become active in the Authentication Domains and Access Controls pages.

Adding Authentication Server

  1. Open HySecure management console.

  2. Click to expand Access Management, and then click Authentication Servers.

  3. Click Add to specify a new Authentication Server.

  4. Select AD/LDAP from Server type.

Create AD/LDAP Authentication Server

Given below are the details of the feature and the UI.

| # | Field | Type | Description |
|---|---|---|---|
| 1 | Server Name | String | Enter an identifier for the external AD/LDAP Authentication Server. This identifier is used to refer to the server being configured in the reports, logs, and configuration screens of HySecure. |
| 2 | IP Address / Host Name | IP or String | Enter the IP address, host name, or FQDN of the AD/LDAP server. This will be the primary server address. |
| 3 | Enable Failover Option | CheckBox | Select this checkbox if failover servers are available. |
| 4 | List of Failover Servers | IP or String list | Enter the semicolon-separated IP addresses or host names that will act as AD failover servers. A maximum of 20 servers can be added to the list. |
| 5 | Port | Number | The default AD/LDAP port number, 389, is displayed in the Port field. You can change this port number if your AD/LDAP server runs on a different port. If a secure connection is to be established with the AD, enter the default SSL port, 636, and check the "Enable SSL" checkbox on this page. |
| 6 | Admin Bind DN | id=value pair(s) | Enter the Distinguished Name of the admin. E.g., for an admin of domain "mycompany.com", the admin's DN can be cn=admin,cn=users,dc=mycompany,dc=com. This DN will be used to log in to the AD for any needed operations. |
| 7 | Admin Password | String | Enter the admin password. |
| 8 | Base DN | id=value pair | Enter the Base Distinguished Name on the AD server under which users will be searched. For example, the Base DN for domain "mycompany.com" and the finance department can be in the form OU=finance,dc=mycompany,dc=com. |
| 9 | User Search Attribute | String | Enter the attribute of the user record in AD/LDAP that should be used to search for the user in the AD. The search may be needed when a user logs in to HySecure by providing a name; this name is then matched against the value of the configured attribute in AD. By default it is 'samAccountName'. However, if the AD is configured with the attribute 'cn' containing the username, this field should have the value 'cn'. "User Principal Name" support is also available, to allow login through email id. To use it, enter "upn" in this field. UPN support needs additional configuration: select the appropriate option under "Domain Suffix Configuration". |
| 10 | User Group Search Attribute | String | Enter the attribute of the user record on AD/LDAP from which the user's group information is extracted for authorization. The group information is needed when policies are configured for groups rather than for users. By default, the attribute used is 'MemberOf'. |
| 11 | User Email Address Attribute | String | Enter the attribute of the user record on AD/LDAP from which the user's mail address is extracted. This attribute is typically used to send the OTP when logging in to HySecure. The default attribute is 'mail'. |
| 12 | User Mobile Number Attribute | String | Enter the attribute of the user record on AD/LDAP from which the user's mobile number is extracted. This attribute is typically used to send the OTP over SMS when logging in to HySecure. The default attribute is 'telephoneNumber'. |
| 13 | Enable SSL | CheckBox | Check this if encrypted communication with the AD is expected. In this case, the "Port" field should contain the port used for encrypted communication with AD, which by default is 636. This should also be checked when the AD password is expected to be changeable from HySecure itself using the Self Service Portal, as the password change needs to be encrypted. |
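
An added example, not part of the HySecure documentation or product: a pre-flight check of the values described in the table above, covering the constraints the table states (DN syntax, the 20-server failover limit, and port 389/636 versus the Enable SSL checkbox). The dictionary key names and the sample hosts are assumptions made for this illustration.

```python
import re

MAX_FAILOVER = 20  # limit stated for "List of Failover Servers"
LDAP_PORT, LDAPS_PORT = 389, 636  # defaults stated for "Port" and "Enable SSL"
# One attr=value component such as "cn=admin" (simplified: no escaped commas).
_RDN = re.compile(r"^\s*[A-Za-z][A-Za-z0-9-]*\s*=\s*[^,=]+$")

def is_dn(value):
    """True if value is a non-empty comma-separated list of attr=value pairs."""
    return bool(value.strip()) and all(_RDN.match(p) for p in value.split(","))

def parse_failover(value):
    """Split the semicolon-separated failover list, dropping empty entries."""
    return [h.strip() for h in value.split(";") if h.strip()]

def check_settings(cfg):
    """Return findings for a dict of form values (key names are hypothetical)."""
    findings = []
    for key in ("admin_bind_dn", "base_dn"):
        if not is_dn(cfg.get(key, "")):
            findings.append(f"{key}: expected attr=value pairs separated by commas")
    if cfg.get("enable_failover"):
        hosts = parse_failover(cfg.get("failover_servers", ""))
        if not hosts:
            findings.append("failover enabled but the server list is empty")
        elif len(hosts) > MAX_FAILOVER:
            findings.append(f"{len(hosts)} failover servers listed, maximum is {MAX_FAILOVER}")
    ssl, port = cfg.get("enable_ssl", False), cfg.get("port", LDAP_PORT)
    if ssl and port == LDAP_PORT:
        findings.append("Enable SSL checked but port is 389; the SSL default is 636")
    if not ssl and port == LDAPS_PORT:
        findings.append("port 636 entered but Enable SSL is unchecked")
    if not ssl:
        findings.append("Enable SSL unchecked: communication with the AD is not encrypted")
    return findings

# Constructed sample values reusing the example DNs from the field table.
WEAK = {
    "admin_bind_dn": "cn=admin,cn=users,dc=mycompany,dc=com",
    "base_dn": "OU=finance,dc=mycompany,dc=com",
    "enable_failover": True, "failover_servers": "dc2.mycompany.com; 10.0.0.12;",
    "port": 389, "enable_ssl": False,
}
HARDENED = dict(WEAK, port=636, enable_ssl=True)

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, check_settings(cfg) or "no findings")
```

The DN check is syntactic only; it does not confirm that the entry exists in the directory or that the bind succeeds.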

Domain Suffix Configuration

Given below are the details of the feature and the UI.

| # | Field | Description |
|---|---|---|
| 1 | Use the domain name entered by user | Select this option to use the domain as entered by the user while logging in. For example, if the user enters the name as username@mycompany.com, the domain is taken to be mycompany.com and the user is searched in that domain. |
| 2 | Use the domain name configured here | Select this option and enter the domain to use. In this case, the user needs to enter just the name while logging in, and the user is searched in the domain entered in this field. |

User Interface Configuration

Given below are the details of the feature and the UI.

| # | Field | Description |
|---|---|---|
| 1 | Message for Users | Enter the message to be displayed to the user on the login window of the client. If no message is entered, a default message is displayed. |
| 2 | Username label | Enter the label to be displayed against the username on the login window of the client. |
| 3 | Password label | Enter the label to be displayed against the password on the login window of the client. |