Add a directory
Before you begin
Deploy an identity connector. For more information, see Create and download an identity connector.
Complete this procedure to add any of these directory types:
- Active Directory (AD)
- Lightweight Directory Access Protocol (LDAP)
- Active Directory Lightweight Directory Access Services (AD LDS)
After you add a directory, you must associate the directory service to an identity provider (IdP).
- In the navigation menu, select . Note: If you are trying the new Enterprise Center interface, in the navigation menu, select .
- Click the plus sign icon.
- In the name and description fields, enter a name and description for the directory.
In the Service Type menu, select one of these directory types:
- AD
- LDAP
- AD LDS
- Click Add New Directory.
To configure the host information:
Note: If firewalls are in use, allow the LDAP or LDAPS port so that ETP can reach the directory FQDN on that port for authentication operations.
- Click the General settings tab.
- In the host menu, select either LDAP or LDAPS (secure LDAP) based on how your native directory is set up (LDAP is most common).
- Enter either a valid IP address, the fully qualified domain name (FQDN) of your native directory, or the URL to access the directory within your network.
- Change the port number only if your directory does not listen on the default port. If so, enter the port number used to reach the directory internally.
- Depending on the directory type, enter the AD domain or the LDAP domain. For an AD domain, enter the Windows domain where your Active Directory is located. For an LDAP domain, enter the LDAP domain where your directory is located.
- In the Admin Account field, enter an administrator account that ETP can use to connect to this directory. The administrator account should have read-only access or higher. For example, use the format NetBiosDOMAIN\administrator. For a Microsoft Windows AD integration, enter the Distinguished Name from the Microsoft Windows AD.
- In the Admin Password field, enter the password that’s associated with the admin account.
Select the login preference. This is the identifier for the user’s principal in the directory. The user provides this identifier when they are prompted to log in or authenticate to access a website. Depending on the directory, you can choose from one of these identifiers.
- For AD, you can select Email, SAM Account Name, User Principal Name, or Domain/SAM Account Name.
- For LDAP, you can select Email or UID.
- For AD LDS, you can select Email, UID, or User Principal Name.
- In the other tabs, configure the directory settings as they apply for your implementation.
- To configure password management, see Manage password complexity for the Login Portal from the Active Directory (AD).
In the Connectors tab, associate or disassociate an identity connector with the directory:
- To associate a connector, click the plus sign in the upper right. Then select one or more connectors and click Associate.
- To disassociate a connector, hover over the directory and click the minus sign. Then click Disassociate on the window that displays.
- Click the Users tab to view the users assigned to the directory. You can click the number in the Groups column to view the groups a user is associated with.
- Click the Groups tab to view the groups that are configured in this directory. You can view the users that are assigned to the group. You can also click the sync icon to synchronize ETP with the latest group information from your directory.
To import a group from an AD, LDAP, or AD LDS:
- In the Groups tab, click the plus sign.
- In the provided text field, enter the group name. You can use wildcards in the search: add an asterisk (*) to one or both ends of the search term. Group searches are case sensitive.
- Click Search Group.
- Select the group or groups that you want to import, and click Add.
- Click Save.
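The login preference selected above and the wildcard group search both end up as LDAP search filters against your directory. The following Python (standard library only) is an added example, not code from the Akamai documentation: it maps each login preference to a directory attribute, escapes the user-supplied identifier per RFC 4515 so it cannot alter the filter, keeps only the leading or trailing asterisk of a group search as a wildcard, and offers a pre-flight TLS check of the LDAPS host and port before you enter them. The attribute names (mail, sAMAccountName, userPrincipalName, uid), the use of cn for group names, the default LDAPS port 636, and the handling of the domain part of Domain/SAM Account Name are assumptions about typical AD/LDAP schemas, not documented ETP behaviour.

```python
import socket
import ssl

# Assumed mapping of ETP login preferences to directory attributes. These are
# the usual AD / LDAP schema names, not something the ETP documentation states.
LOGIN_ATTRIBUTES = {
    "Email": "mail",
    "SAM Account Name": "sAMAccountName",
    "Domain/SAM Account Name": "sAMAccountName",
    "User Principal Name": "userPrincipalName",
    "UID": "uid",
}


def escape_filter_value(value: str) -> str:
    """Escape a value for an LDAP filter (RFC 4515) so that '*', '(', ')',
    '\\' and NUL in user-supplied input are matched literally."""
    return "".join(
        "\\%02x" % ord(ch) if ch in "\\*()\0" else ch for ch in value
    )


def user_filter(preference: str, identifier: str) -> str:
    """Filter that resolves the identifier typed at login to one user entry.
    Domain/SAM input is NETBIOSDOMAIN\\account; the domain part is assumed
    to select the directory only, so it is dropped from the filter."""
    if preference == "Domain/SAM Account Name":
        identifier = identifier.rpartition("\\")[2]
    return "(%s=%s)" % (LOGIN_ATTRIBUTES[preference], escape_filter_value(identifier))


def group_filter(pattern: str, attr: str = "cn") -> str:
    """Group search filter: only an asterisk at either end of the pattern is a
    wildcard, as in the ETP search box; everything else matches literally."""
    lead = "*" if pattern.startswith("*") else ""
    trail = "*" if len(pattern) > len(lead) and pattern.endswith("*") else ""
    body = pattern[len(lead):len(pattern) - len(trail)]
    if not (lead or body or trail):
        raise ValueError("empty group search pattern")
    return "(%s=%s%s%s)" % (attr, lead, escape_filter_value(body), trail)


def check_ldaps(host: str, port: int = 636, timeout: float = 5.0) -> str:
    """Pre-flight check for the host and port you plan to enter: opens a TLS
    connection with certificate and hostname verification (as an LDAPS client
    should) and returns the common name of the certificate presented."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            subject = dict(pair[0] for pair in tls.getpeercert()["subject"])
            return subject.get("commonName", "")
```

check_ldaps needs network access to your directory and is only useful for the FQDN entered in the General settings tab; a hostname or chain mismatch raises ssl.SSLCertVerificationError, which is the failure you want to see before pointing ETP at the host.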