Active Directory IdP connection | Entitle
Overview
Active Directory (AD) is Microsoft's proprietary directory service. It runs on Windows Server and enables administrators to manage permissions and access to network resources.
Entitle populates groups and users in the Active Directory (AD) IdP connection.
This page provides instructions for integrating Entitle with Active Directory as an IdP.
General Guidelines
If you have already integrated Active Directory with Entitle using this guide, you can reuse the same AD application configuration and skip ahead to the Entitle setup section.
Password
- Add your password as-is to the configuration later on.
- Right-click on the Users folder again, click on the Properties option and navigate to the Security tab.
- Click on the Advanced tab, and check if the Entitle user appears.
- If the Entitle user doesn't appear, click on the Add button, add the user, and then continue to the next step.
- Edit the permissions of the Entitle user; make sure that the following properties are checked:
  - Read all properties
  - Write all properties
  - Read permissions
- Click OK in the Permissions Entry for Users, Advanced Security Settings for Users, and the Users Properties screens.
- To allow Entitle to manage domain privileges, the same process should also be applied to the Domain option: repeat the steps above on the domain level.
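Because the three checkboxes above are easy to misapply (wrong object, wrong inheritance scope, or a broader right such as Full Control ticked by mistake), it is worth verifying the resulting ACEs from PowerShell after the clicks. The following audit script is an added example written for this page and is not Entitle's own code. It assumes the RSAT ActiveDirectory module is installed on the host it runs from; the service account name is a placeholder. It reads the security descriptor of CN=Users and of the domain root, reports whether each of the three requested rights is present as an all-properties ACE for the Entitle user, and warns about any right beyond what the guide asks for.

```powershell
# Added example, not Entitle's own code: audit the ACEs granted to the Entitle
# user on the Users container and on the domain root, and flag broader rights.
# Assumes the RSAT ActiveDirectory module; the account name is a placeholder.
Import-Module ActiveDirectory

$ServiceAccount = 'CONTOSO\svc-entitle'      # placeholder: the Entitle user you created
$DomainDn       = (Get-ADDomain).DistinguishedName
$AllProperties  = [Guid]::Empty               # ObjectType of an ACE that covers all properties

# The three boxes the guide asks you to check, mapped to ActiveDirectoryRights flags
$Expected = [ordered]@{
    'Read all properties'  = 'ReadProperty'
    'Write all properties' = 'WriteProperty'
    'Read permissions'     = 'ReadControl'
}
# Rights broader than the guide needs; their presence deserves a second look
$TooBroad = 'GenericAll', 'WriteDacl', 'WriteOwner', 'ExtendedRight', 'Delete', 'DeleteTree'

foreach ($Dn in @("CN=Users,$DomainDn", $DomainDn)) {
    Write-Host "== $Dn"
    $Acl  = Get-Acl -Path "AD:\$Dn"
    $Aces = @($Acl.Access | Where-Object {
        $_.IdentityReference.Value -eq $ServiceAccount -and $_.AccessControlType -eq 'Allow'
    })
    if ($Aces.Count -eq 0) {
        Write-Warning "  no Allow ACEs for $ServiceAccount here (was the user added on this object?)"
        continue
    }
    foreach ($Label in $Expected.Keys) {
        $Flag = [System.DirectoryServices.ActiveDirectoryRights]$Expected[$Label]
        # An all-properties ACE has an empty ObjectType; GenericRead/GenericAll also carry these bits
        $Match = $Aces | Where-Object {
            (($_.ActiveDirectoryRights -band $Flag) -eq $Flag) -and ($_.ObjectType -eq $AllProperties)
        }
        $State = if ($Match) { 'OK     ' } else { 'MISSING' }
        Write-Host "  [$State] $Label  (inheritance: $($Match.InheritanceType -join ','))"
    }
    foreach ($Ace in $Aces) {
        $Extra = $TooBroad | Where-Object { $Ace.ActiveDirectoryRights.ToString() -match "\b$_\b" }
        if ($Extra) {
            Write-Warning "  ACE grants more than the guide needs: $($Extra -join ', ') (ObjectType $($Ace.ObjectType))"
        }
    }
}
```

Run it as an account that can read the security descriptors of both objects. A MISSING line for the domain root after the Users container reports OK usually means the domain-level repetition of the steps was skipped; a warning about GenericAll or WriteDacl means a broader permission than the three listed was granted and should be reduced.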
Connecting your IdP in Entitle
- Log in to Entitle and go to the Org Settings page.
- Under System integrations, click Add, then select the Microsoft Active Directory option in the IdP (Identity providers) section.
- In the configuration modal, fill in the fields:
  - Display Name: Define a name to identify this integration.
  - Server: Enter the hostname you extracted in stage 2.
  - Username and Password: Enter the values from stage 3.
  - Base distinguished name: Enter your directory's domain (base_dn) from stage 1.
  - Self-signed certificate: When selected, you may add a self-signed certificate to the configuration. Paste the entirety of your self-signed certificate as a single or multi-line string (using \n), including -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----.
  - Use as direct manager source: When selected, managers can be included in the approval process for access requests or can be designated as reviewers in user access reviews (UARs).
  - Save on: Choose whether you would like this integration to be saved on your own hosted agent or in Entitle's cloud.
- Click Save.
Test your IdP connection
- After returning to the Org Settings page, you should see that Microsoft Active Directory now shows as Connected.
- Within a few minutes, refresh your browser page and go to the Approval workflows tab. Then, click on New approval workflow. You should now see that all groups within the specific directory have been fetched.
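If the integration does not reach Connected, or no groups appear, the hostname, base DN, credentials and certificate from the modal can be checked independently of Entitle from a Windows host. The following pre-flight script is an added example written for this page, not Entitle's own code. It binds over LDAPS with the service account, trusts only the one self-signed certificate you exported from the domain controller (pinned by thumbprint, rather than accepting any certificate), and lists a sample of the groups visible under base_dn, which is what the Approval workflows tab should later show. All values are placeholders.

```powershell
# Added example, not Entitle's own code: pre-flight check of the values entered
# in the Entitle modal. Binds over LDAPS (636), pins the DC's self-signed
# certificate by thumbprint, and lists groups under the base DN. Placeholders only.
Add-Type -AssemblyName System.DirectoryServices.Protocols

$Server           = 'dc01.corp.example.com'                      # hostname from stage 2
$BaseDn           = 'DC=corp,DC=example,DC=com'                   # base_dn from stage 1
$Username         = 'CORP\svc-entitle'                            # Entitle user from stage 3
$Password         = Read-Host -AsSecureString 'Service account password'
$PinnedThumbprint = '0000000000000000000000000000000000000000'    # placeholder: SHA-1 thumbprint of the DC cert

$Identifier = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier($Server, 636)
$Credential = New-Object System.Net.NetworkCredential($Username, $Password)
$Conn = New-Object System.DirectoryServices.Protocols.LdapConnection($Identifier, $Credential, 'Basic')
$Conn.SessionOptions.SecureSocketLayer = $true
$Conn.SessionOptions.ProtocolVersion   = 3
# Accept only the certificate you pasted into the Entitle modal, not any self-signed one
$Conn.SessionOptions.VerifyServerCertificate = {
    param($Connection, $Certificate)
    $Certificate.Thumbprint -eq $script:PinnedThumbprint
}

try {
    $Conn.Bind()   # throws if the host, port, credentials or pinned certificate are wrong
    Write-Host "Bind OK as $Username over LDAPS"
    $Request = New-Object System.DirectoryServices.Protocols.SearchRequest($BaseDn, '(objectClass=group)', 'Subtree', 'cn')
    $Request.SizeLimit = 50   # keep the sample small; large domains would otherwise hit the server page limit
    $Response = $Conn.SendRequest($Request)
    Write-Host "$($Response.Entries.Count) group(s) returned under $BaseDn (sample):"
    $Response.Entries | ForEach-Object { $_.Attributes['cn'][0] } | Sort-Object | Select-Object -First 10
} catch {
    Write-Error "LDAP check failed: $($_.Exception.Message)"
} finally {
    $Conn.Dispose()
}
```

A bind failure with a certificate error points at the self-signed certificate field (the thumbprint of the certificate actually served must match the one you pasted); a successful bind that returns zero groups points at the base distinguished name or at the Read all properties permission granted earlier.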