Setting MS Active Directory
Active Directory is a directory authentication service found on most Windows Servers.
Users in an Active Directory can be synchronized with this system, and those users are then authenticated against the Active Directory. In most cases, Active Directory does not require any additional configuration to work with AppBase. Note that AppBase does not support arbitrary LDAP implementations; only Microsoft Active Directory is supported.
By default, AppBase synchronizes a set of predefined properties with Active Directory:
- First name
- Last name
- Supervisor
- samAccountName (login name)
AppBase can be configured to override the Active Directory property names used to read each of these properties.
AppBase can also be configured to synchronize Custom Properties for each user.
Starting from AppBase version 6.6 R3, Active Directory users can be added via synchronization for SAML authentication providers. This means that, starting from version 6.6 R3, users can be imported into AppBase from Active Directory and then authenticate through any supported SAML 2.0 identity provider (for example ADFS).
Starting from AppBase version 6.6 R1, importing users from a foreign Active Directory is supported. Unless you plan to use Kerberos-based single sign-on, AppBase can import users from any supported external Active Directory. You can then authenticate those users using a SAML 2.0 identity provider (ADFS) or username/password, depending on your Active Directory and AppBase configuration.
Currently, you can set up only one Active Directory configuration.
Adding an MS Active Directory
- On the top right, navigate to → Manage Users
- On the left, navigate to User Management → Auth Configurations
- Click on New AD Configuration to add a new Active Directory
- In the General Properties section, add a Name for the configuration
Complete the following fields based on your AD configuration:

| Field | Description |
|---|---|
| Connection string | LDAP connection string used to connect to Active Directory. Please refer to https://msdn.microsoft.com/en-us/library/aa746384(v=vs.85).aspx. Starting with AppBase version 6.6 R1, the requirements for the Connection String have changed; check the changes here: Changes to LDAP Connection String. |
| Username | User name used to connect to the Active Directory during synchronization. Use a user that can connect to Active Directory and read the necessary properties. |
| Password | Password for the synchronization user. |
| Group filter | The AD configuration will only work with the groups specified here. |
| Include Nested Groups | Controls whether groups nested within a container are processed during synchronization. |
| Supervisor match field | Allows overriding the Active Directory field name used to get a reference to a supervisor user during synchronization. The default behavior is to use the Active Directory property 'manager'. |
| Activate inactive users on sync | Controls whether inactive AppBase users are activated when they are found in Active Directory. |
| Stop Sync on any nested group error | Enabled by default. When enabled, an exception that occurs during nested group synchronization interrupts the synchronization process, and no changes are applied to the model. When disabled, any exception except "Server is not operational" (a connectivity issue known to us) is ignored during nested group synchronization: groups that are inaccessible to the synchronization user (because of missing permissions or other security reasons) are skipped, and all other nested groups are still synchronized. |

Please note that "Stop Sync on any nested group error" takes effect only when "Include Nested Groups" is enabled. If "Include Nested Groups" is disabled, nested groups are not synchronized at all and "Stop Sync on any nested group error" is not evaluated.
- In the Scheduler, set the periodicity to run the AD synchronization.
- Add a Description of this configuration.
- After the AD synchronization, AppBase performs Actions depending on how the Active Directory connection is configured in AppBase. With the default configuration, AppBase creates users which do not exist in AppBase, updates existing users' properties, disables users deleted in Active Directory, creates groups that do not exist in AppBase, updates existing groups' properties, and deletes groups deleted in Active Directory. After the users and groups are updated, AppBase updates the links between groups and users. If a user is linked to a group in Active Directory, it becomes linked to the same group in AppBase. If a user is removed from a group in Active Directory, it is unlinked from the same group in AppBase too. Only user-group links added during synchronization are removed: AppBase does not remove the link between a user and a group when either the user or the group was added manually or belongs to another configuration (for example, when you link an Active Directory user to an AppBase group that belongs to the Tenant auth provider).
- Save the new configuration
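The post-sync actions described in the steps above, modelled as an added example (this is not AppBase code): the "source" tag that records which configuration created a user, group or link, and the constructed AD snapshot, are assumptions used to show why manual and Tenant-provider links survive a sync while stale AD links do not.

```python
from dataclasses import dataclass, field

# Constructed snapshot read from Active Directory during one sync run:
# login -> (first name, last name, supervisor login) and group -> member logins.
AD_USERS = {"jdoe": ("John", "Doe", "msmith"), "msmith": ("Mary", "Smith", None)}
AD_GROUPS = {"CN=Finance": {"jdoe"}, "CN=IT": {"msmith"}}

@dataclass
class AppBase:
    users: dict = field(default_factory=dict)   # login -> {"active", "source", ...}
    groups: dict = field(default_factory=dict)  # group name -> {"source"}
    links: set = field(default_factory=set)     # (login, group, source_that_added_it)

def sync(ab, ad_users, ad_groups, activate_inactive=False, cfg="AD1"):
    """Default post-sync actions. The 'source' tag is an assumed bookkeeping
    field marking which configuration created each record."""
    # Users: create missing, update properties, optionally re-activate,
    # and disable users this configuration created that AD no longer returns.
    for login, (first, last, supervisor) in ad_users.items():
        u = ab.users.setdefault(login, {"active": True, "source": cfg})
        u.update(first=first, last=last, supervisor=supervisor)
        if activate_inactive and not u["active"]:
            u["active"] = True
    for login, u in ab.users.items():
        if u["source"] == cfg and login not in ad_users:
            u["active"] = False
    # Groups: create missing; delete this configuration's groups gone from AD.
    for name in ad_groups:
        ab.groups.setdefault(name, {"source": cfg})
    gone = [g for g, m in ab.groups.items() if m["source"] == cfg and g not in ad_groups]
    for name in gone:
        del ab.groups[name]
        ab.links = {l for l in ab.links if l[1] != name}
    # Links: add current AD memberships; drop only links an earlier run of this
    # configuration added that AD no longer reports. Manual links and links owned
    # by another auth provider are left untouched.
    wanted = {(login, g, cfg) for g, members in ad_groups.items() for login in members}
    ab.links = {l for l in ab.links if l[2] != cfg or l in wanted} | wanted
    return ab

def run_demo(activate_inactive=True):
    """Constructed starting state, then one sync run against AD_USERS/AD_GROUPS."""
    ab = AppBase(
        users={"msmith": {"active": False, "source": "AD1"},
               "gone": {"active": True, "source": "AD1"},
               "admin": {"active": True, "source": "manual"}},
        groups={"CN=IT": {"source": "AD1"}, "CN=Old": {"source": "AD1"},
                "Tenant-Admins": {"source": "Tenant"}},
        links={("jdoe", "CN=IT", "AD1"),              # stale: jdoe left IT in AD
               ("jdoe", "Tenant-Admins", "manual")},  # manual link: must survive
    )
    return sync(ab, AD_USERS, AD_GROUPS, activate_inactive)
```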