Importing Users from Active Directory

Access Manager Plus allows you to import and synchronize users directly from the Active Directory. You can also schedule your synchronizations so that new users added to the Active Directory will automatically be imported into Access Manager Plus. This document provides information on how to import users from Active Directory. Users logged into the Windows system using their domain account can log into Access Manager Plus directly.

Summary of Steps

Navigate to Admin >> Authentication >> Active Directory. The Active Directory Configuration page is displayed. The following are the sections to be setup:

  1. Importing Users
  2. Specifying Appropriate User Roles
  3. Enabling AD Authentication

1. Importing Users

Provide credential details and import users from Active Directory. Access Manager Plus automatically gets the list of the domains present under the Microsoft Windows Network folder of the server of which the running Access Manager Plus is a part of. Select the required domain and provide necessary domain controller credentials.

To do this,

  1. Click the Import Now button. You can also access this from Users >> Add user >> Import from Active Directory.

  2. In the pop-up form that appears,
    1. Select the required Domain Name, which forms part of the AD from the drop-down.
    2. Specify the DNS name of the domain controller. This domain controller will be the Primary Domain Controller.
    3. In case, the Primary Domain Controller is down, Secondary Domain Controllers can be used. If you have secondary domain controllers, specify their DNS names in comma separated form. One of the available secondary domain controllers will be used. When you use SSL mode, make sure the DNS name specified here matches the CN (common name) specified in the SSL certificate for the domain controller.
    4. Connection Mode: For each domain, you can configure if the connection should be over an encrypted channel for all communication. To enable the SSL mode, the domain controller should be serving over SSL in port 636 and you will have to import the domain controller's root certificate into the Access Manager Plus server machine's certificate store.
    5. Supply Credentials: If you choose Specify Username and Password Manually, Enter a valid user credential having read permission in the domain controller. If you choose Use an account stored in Access Manager Plus, Enter a valid session name.

      6. Note: If you want to import users from multiple domains, you may enter the username as <DomainName>\<username>. For example, if you want to import DOMAIN A users by giving DOMAIN B username/password, you need to enter the username as <DOMAIN B>\username).

    6. Users to Import: By default, Access Manager Plus will populate all the organizational units (OUs) and groups from Active Directory. If you want to import only a particular user, enter the required user name(s) in comma separated form.
    7. User Groups to Import / OU(s) to Import: Similarly, you can choose to import only specific user groups or organizational units (OUs) from the domain. You can specify the names in the respective text fields in comma separated form.
    8. Synchronization Interval: Whenever new users get added to the Active Directory, there is provision to automatically add them to Access Manager Plus and keep the user database in sync. Enter the time interval at which Access Manager Plus has to query the Active Directory to keep the user database in sync. The time interval could be as low as a minute or it can be in the range of hours/days.
    9. Click Save. Access Manager Plus will save the domain details. During subsequent imports, only the new users entries in AD are added to the local database.

  3. In case of importing organizational units (OUs) and Active Directory groups, user groups are automatically created with the name of the corresponding OU / AD group.

1.2 Importing Domain Controller's Certificate into Access Manager Plus

To import domain controller's certificate into Access Manager Plus machine's certificate store, you can use any procedure to import the SSL certificates to the machine's certificate store. One example is given below:

  1. In the machine where Access Manager Plus is installed, launch Internet Explorer and navigate to Tools >> Internet Options >> Content >> Certificates.
  2. Click Import.
  3. Browse and locate the root certificate issue by your CA.
  4. Tap Next and choose the option Automatically select the certificate store based on the type of certificate and install.
  5. Click Import again.
  6. Browse and locate the domain controller certificate.
  7. Tap Next and choose the option Automatically select the certificate store based on the type of certificate and install.
  8. Apply the changes and close the wizard.
  9. Repeat the procedure to install other certificates in the root chain.

2. Specifying Appropriate User Roles

All the users imported from AD will be assigned the User role by default. To assign specific roles to specific users,

  1. Click Assign Roles Now.
  2. In the pop-up form that opens, all the Users imported from AD are listed.
  3. Click Change role button against desired users for whom you wish to change the role and select the appropriate role from the drop down.

3. Enabling AD Authentication

The third step is to enable AD authentication. This will allow your users to use their AD domain password to login to Access Manager Plus. Note that this scheme will work only for users who have been already imported to the local database from Active Directory.

Troubleshooting Tip

Access Manager Plus will repeatedly ask you to enter the computer account credentials until it is correct through a dialog box. If the user wants to login without the credentials, they must close the dialog box, which would redirect them to the login screen of Access Manager Plus; here they can log in using their Access Manager Plus local authentication credentials.

See also:
Top