
AD/LDAP Server

Add AD/LDAP Authentication Server

  1. Log on to the HySecure Management console.
  2. Go to Settings > Authentication Servers and click Add to specify a new Authentication Server.
  3. Select AD/LDAP from the Select server type list.

Field: Description
Server Type: Select Active Directory or LDAP.
Server Name: Enter an identifier for this AD/LDAP authentication server.
Server IP Address/Host Name: Enter the IP address, hostname, or FQDN of the AD/LDAP server. This is the primary server address. If SSL is enabled, prefer the hostname or FQDN, since that is what the server's certificate is issued for.
Enable Failover Option: Enable if failover servers are available.
List of Failover Servers: Enter a semicolon-separated list of IP addresses or hostnames that act as AD failover servers. A maximum of 20 servers can be added.
Port: The default AD/LDAP port is 389 (plaintext LDAP). Change it if your AD/LDAP server listens on a different port. For an encrypted connection to the AD, enter the default SSL port 636 and check the Enable SSL checkbox.
Enable SSL: Enable to encrypt communication with the AD. The Port field must then contain the port used for encrypted communication, which is 636 by default. This must also be enabled when users can change their AD password from HySecure through the Self Service Portal: Active Directory accepts password changes only over an encrypted connection, so a change attempted over plaintext port 389 fails.
Admin Bind DN: Enter the Distinguished Name of the account HySecure binds with. For example, for the admin of the domain mycompany.com the DN could be CN=admin,CN=Users,DC=mycompany,DC=com. This DN is used to log in to the AD for any needed operations (user searches, attribute lookups, and password changes if enabled).
Note: Prefer a dedicated AD service account, granted only the permissions those operations need, over a domain administrator's credentials.
Admin Password: Enter the password for the Admin Bind DN.
Base DN: Enter the Base Distinguished Name on the AD server under which users are searched. For the finance department of the domain mycompany.com this could be OU=finance,DC=mycompany,DC=com. Users outside this subtree are not found and cannot log in through this server.

User Attribute Mapping

An LDAP/AD user object has various attributes that contain user information such as name, login credentials, telephone number, address, and more. An administrator can use attribute mapping to fetch information such as Email Address, Phone number, and User group to assign access based on these attributes.

Below is the list of mandatory fields. For each, the administrator can pick a standard directory attribute from the Existing User Attributes dropdown, or use Create New User Attributes to define a custom attribute and map it to a directory attribute.

The administrator can also enable and enforce custom queries to fetch these attributes.

Field: Description
LoginID: The attribute that the username entered at login is matched against. By default, it is sAMAccountName.
EmailID: The attribute holding the user's email address. The default, mail, is used to send the OTP when logging in to the gateway.
PhoneNo: The attribute holding the user's mobile number. The default, telephoneNumber, is used to send the OTP when logging in to the gateway. In many directories telephoneNumber is the office number and mobile numbers are stored in the mobile attribute; map that attribute instead if so.
GroupsName: The attribute holding the user's group membership, used for authorization. Group information is needed when policies are configured for groups rather than individual users. By default, memberOf is used. Note that memberOf lists only the groups the user is a direct member of; nested group membership is not expanded.

Domain Suffix Configuration

Use this section to configure the Domain Suffix.

Field: Description
Use the domain name entered by user: Select this option to use the domain as entered by the user at login. For example, if the user logs in as username@mycompany.com, the domain is taken to be mycompany.com and the user is searched in that domain.
Use the domain name configured here: Select this option and enter the domain to use. The user then enters just the name at login, and is searched in the domain configured in this field.
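The following is an added example, not HySecure code, showing what the User Attribute Mapping table and the Domain Suffix Configuration above amount to on the gateway side: the typed login is split per the domain-suffix mode, turned into an LDAP search filter using the mapped LoginID attribute, and the entry that comes back is mapped to LoginID, EmailID, PhoneNo and GroupsName. It goes one step beyond the page by escaping the login name per RFC 4515, which is what stops a crafted username from altering the search filter. All names (AttributeMapping, resolve_user, and so on) and the sample directory entry are this example's own assumptions; the directory search is simulated so the code runs offline.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class AttributeMapping:
    """Defaults are the ones listed in the User Attribute Mapping table."""
    login_id: str = "sAMAccountName"
    email_id: str = "mail"
    phone_no: str = "telephoneNumber"
    groups_name: str = "memberOf"


# RFC 4515: these characters inside a filter value would otherwise change the
# meaning of the filter, which is how LDAP injection works.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def split_login(typed: str, configured_domain: Optional[str]) -> Tuple[str, str]:
    """Apply the Domain Suffix Configuration to the login name the user typed.

    configured_domain=None  -> "Use the domain name entered by user"
    configured_domain="x.y" -> "Use the domain name configured here"
    """
    if configured_domain:
        return typed, configured_domain.lower()
    if "@" not in typed:
        raise ValueError("login must be user@domain when the domain comes from the user")
    name, domain = typed.rsplit("@", 1)
    if not name or not domain:
        raise ValueError("malformed login")
    return name, domain.lower()


def domain_to_base_dn(domain: str) -> str:
    """mycompany.com -> DC=mycompany,DC=com (the root of that domain)."""
    return ",".join(f"DC={label}" for label in domain.split("."))


def build_search_filter(login_name: str, mapping: AttributeMapping) -> str:
    # The value is escaped, never interpolated raw, so a crafted login name
    # cannot widen the search (e.g. to every user) or change the matched attribute.
    return f"(&(objectClass=user)({mapping.login_id}={escape_filter_value(login_name)}))"


def group_cn(dn: str) -> str:
    """memberOf holds full group DNs; policies are usually written by group name.

    Honours backslash-escaped commas inside the CN (hex escapes are not handled).
    """
    out, i = [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            out.append(dn[i + 1])
            i += 2
            continue
        if ch == ",":
            break
        out.append(ch)
        i += 1
    rdn = "".join(out)
    return rdn.split("=", 1)[1] if "=" in rdn else rdn


def map_entry(entry: Dict[str, List[str]], mapping: AttributeMapping) -> dict:
    """Turn one LDAP entry (attribute -> list of values) into the four mandatory fields."""
    def first(attr: str) -> Optional[str]:
        vals = entry.get(attr) or []
        return vals[0] if vals else None
    return {
        "LoginID": first(mapping.login_id),
        "EmailID": first(mapping.email_id),
        "PhoneNo": first(mapping.phone_no),
        # memberOf lists direct memberships only; nested groups are not expanded here.
        "GroupsName": [group_cn(dn) for dn in entry.get(mapping.groups_name, [])],
    }


# Constructed sample entry, shaped like an LDAP search result (not real data).
SAMPLE_ENTRY: Dict[str, List[str]] = {
    "sAMAccountName": ["jdoe"],
    "mail": ["jdoe@mycompany.com"],
    "telephoneNumber": ["+1 555 0100"],
    "memberOf": [
        "CN=finance-vpn,OU=Groups,DC=mycompany,DC=com",
        "CN=Sales\\, EMEA,OU=Groups,DC=mycompany,DC=com",
    ],
}


def resolve_user(typed_login: str, configured_domain: Optional[str] = None,
                 base_dn: Optional[str] = None, mapping: AttributeMapping = AttributeMapping(),
                 entries=(SAMPLE_ENTRY,)) -> dict:
    """Full path: typed login -> (base DN, filter) -> matched entry -> mapped fields.

    base_dn overrides the derived domain root (e.g. "OU=finance,DC=mycompany,DC=com").
    The real directory search is stood in for by an exact match over `entries`.
    """
    name, domain = split_login(typed_login, configured_domain)
    base = base_dn or domain_to_base_dn(domain)
    ldap_filter = build_search_filter(name, mapping)
    match = next((e for e in entries if (e.get(mapping.login_id) or [None])[0] == name), None)
    return {"base_dn": base, "filter": ldap_filter,
            "user": map_entry(match, mapping) if match else None}


if __name__ == "__main__":
    print(resolve_user("jdoe@MyCompany.com"))
    print(resolve_user("jdoe)(objectClass=*", configured_domain="mycompany.com")["filter"])
```

Run it to see the filter built for a normal login and for a login name containing filter metacharacters: the second one is escaped to `(sAMAccountName=jdoe\29\28objectClass=\2a)` and matches nothing, instead of becoming a filter that matches every object. The group names are the CN of each memberOf DN, which is the form policies configured for groups would typically compare against.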

User Interface Configuration

The administrator can use this section to set up a message that will be displayed to users when they log in.

Field: Description
Message for Users: The message displayed on the client's login window. If none is provided, a default message is displayed.
Username label: The label shown for the username field in the client login window.
Password label: The label shown for the password field in the client login window.
Test Connection: Test the connection before clicking Submit. A failed test usually points at the server address, port, SSL setting, or the Admin Bind DN and password.