3.4. Active Directory tab
Active Directory integration settings
The remote agent needs to access Active Directory in order to be able to provision local Active Directory users to contentACCESS. During the provisioning process, the local users are re-created in contentACCESS with External Active Directory authentication. This will allow the users to log in to contentACCESS using their local AD credentials.
Enter the required LDAP server name. If explicit credentials need to be used to connect to Active Directory, check the Use explicit credentials checkbox and click on Set credentials… on the right.
Enter the credentials and then click on Check credentials to verify if they are valid. If yes, click OK.
Click on Check Active Directory connection to see if everything was set correctly.
During the provisioning, External Active Directory type logins are created for users of the selected groups. To allow the users to log in to contentACCESS using their local AD account, the authentication provider (contentACCESSWS) must be installed in the local domain and must be accessible for contentACCESS from outside. The external URL of the authentication proxy should be set here (for example: https://caAuth.company.com:981). Note that this public URL must then be forwarded to the machine (and port) where contentACCESSWS was installed and through which contentACCESS can reach the service. The URL must be published over HTTPS so that the user’s credentials cannot be sniffed in transit.
Click on Check Remote Active Directory connection to see if everything was set correctly.
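A pre-flight check for the external URL described above, added here as an example (it is not part of contentACCESS or its documentation): it rejects values that are not HTTPS and, when run against the real endpoint, validates the certificate chain and host name the way a client would. The function names are assumptions of this example; the sample URL is the one from the text.

```python
import socket
import ssl
import sys
from urllib.parse import urlsplit


def check_proxy_url(url):
    """Static checks on the configured external URL; returns a list of problems."""
    try:
        parts = urlsplit(url)
        _ = parts.port  # raises ValueError if the port is not a valid number
    except ValueError as exc:
        return [f"URL cannot be parsed: {exc}"]
    problems = []
    if parts.scheme != "https":
        problems.append("scheme is not https: AD credentials would be sent in clear text")
    if not parts.hostname:
        problems.append("URL has no host name")
    if parts.username or parts.password:
        problems.append("URL must not embed credentials")
    return problems


def probe_tls(url, timeout=5.0):
    """Connect to the published endpoint and validate its certificate.

    create_default_context() verifies the chain against the system trust
    store and checks the host name; failures raise ssl.SSLError or OSError.
    """
    parts = urlsplit(url)
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    with socket.create_connection((parts.hostname, parts.port or 443), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=parts.hostname) as tls:
            cert = tls.getpeercert()
            return {"protocol": tls.version(), "not_after": cert["notAfter"]}


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: check_proxy.py https://caAuth.company.com:981")
    issues = check_proxy_url(sys.argv[1])
    if issues:
        sys.exit("\n".join(issues))
    print(probe_tls(sys.argv[1]))
```

Run it from a machine outside the local domain, so that the probe follows the same forwarded path contentACCESS will use.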
In this step the running times of the archive rule must be selected. It is possible to select only a schedule that was previously configured in contentACCESS. It is possible to refresh the list of schedules by clicking on the button.
The provisioning job synchronizes Active Directory with contentACCESS. When the provisioning job is started, it automatically adds the new Active Directory users into contentACCESS based on the provisioning settings. The provisioned users will automatically get log on rights for Remote FA and the External AD login provider will be assigned to them.
To add an object, click on and specify the object(s) in the respective dialog. You can select a group whose objects will be provisioned, or you can select an Active Directory container and synchronize all users inside this container. Choose the object type and enter the data in the following format:
- in case of a Group: enter the name of the group
- in case of a Container: enter the distinguished name (DN)
Click on Check object to verify if the specified object can be found.
After specifying the objects to be provisioned, click on Save and then on Provision. After the provisioning is finished, you can verify the created users and logins in contentACCESS Central Administration.