Add or edit a directory
Before you begin
If you are doing directory server certificate validation, see Upload a ROOT CA certificate with the full bundle for doing directory server certificate validation. and to configure Host and Host Aliases fields, see Directory server certificate validation rules and use cases.
- Log in to the EAA Management Portal.
From the top menu bar, select
- To edit an existing directory, locate the directory card you want to edit and click the Settings (gear) icon. Proceed to step 7.
To add a new directory, click
The Create New Directory window appears.
Enter a name and description,
and select the Directory Type. For more information about supported directory
services, see Directories.
Click Create Directory and
The configuration page appears.
- Review the Directory name and Directory service fields for accuracy. These fields cannot be modified. If these fields contain incorrect or incomplete information, return to step 4 to add a new directory.
Based on whether you're doing directory certificate validation or not, using
SSL protocol or not, select one of these choices:
Note: If firewalls are used, administrators should whitelist the ports so that EAA can communicate with the LDAP or LDAPS FQDN and port for authentication & password change/reset operations.
Use SSL protocol with directory certificate validation (recommended)
Host with ldaps (default) Enter a fully qualified domain name (FQDN)/IP of your native directory. By default, the port is 636 as per the standard. See, Directory server certificate validation rules and use cases.
Verify Origin Server Certificate. (on-by-default) Allows you to verify the authenticity of the directory service provider using the origin server's certificate. Also provide these two fields:
Host Aliases. (Optional) If you are using multiple domain controllers or if you have an IP address for the Host field, provide the Subject Alternative Name (SAN) or Common Name (CN) from your server certificate. This is used to validate the server side certificate. See, Directory server certificate validation rules and use cases .
ROOT CA Certificate. (Mandatory) Select the certificate issued by the certificate authority (CA) with the full bundle that you have uploaded into EAA. See Upload a ROOT CA certificate for origin server validation
Use SSL protocol and not do directory certificate validation. This uses SSL protocol but the origin directory server is not validated since the verify origin server certificate is disabled.
Host with ldaps. Enter fully qualified domain name (FQDN)/IP address of your native directory. By default, the port is 636 as per the standard.
Not use SSL protocol and not do directory certificate validation.
Host with ldap. Enter fully qualified domain name (FQDN)/IP address of your native directory. By default, the port is 389 as per the standard.
Complete the remaining domain fields:
- Either AD domain: Enter in the Windows domain where your Active Directory is located or LDAP domain: Enter the LDAP domain where your directory is located.
- Admin Account: Enter an administrator account that EAA can use to connect to this directory. The administrator account should have read-only access or higher. For example, use the format NetBiosDOMAIN\administrator. For a Microsoft Windows AD integration, enter the Distinguished Name from the Microsoft Windows AD.
- Admin Password: Enter the password for the Admin account.
- Login Preference: Select the identifier for the user’s principal in the directory. This is the input the user provides when accessing an application through the EAA Login Portal. For an AD directory type choose one of these: email, SAM account name, user principal name (UPN), or Domain/SAM account name. For an LDAP directory type choose one of these: email, UID. For an AD LDS directory type choose one of these: email, UID, or user principle name.
The connectors appear in a window.
- Select the connectors to associate with the directory.
Scroll to the bottom of the list
The connectors window closes.
The directories page appears.