Active Directory IdP connection
Overview
Active Directory (AD) is Microsoft's proprietary directory service. It runs on Windows Server and enables administrators to manage permissions and access to network resources.
Entitle populates groups and users in the Active Directory (AD) IdP connection.
This page explains how to integrate Entitle with Active Directory as an IdP.
General Guidelines
Note: If you have already integrated Active Directory with Entitle using this guide, you can use the same AD application configuration and continue to the Entitle setup section.
To integrate your Active Directory with Entitle, you will need to:
- Provide Entitle with your Directory’s Domain, Server, Username, and Password values.
Set up Active Directory to work with Entitle
Stage 1: Extract your Directory’s Domain
- In your Active Directory Management Panel, click on the Active Directory Users and Computers folder.
- Inside the folder, you will be able to see your Domain value written where the example.org value in the screenshot below is written.
- Change the format of your Domain value to the following format. You will need it later on for the configuration: DC=<Domain_Prefix>,DC=<Domain_Suffix>
Stage 2: Extract your hostname (server)
- If you don’t know your Active Directory’s host name, open your command line and run the following command: hostname. You will need it later on for the configuration as well.
Stage 3: Provide Entitle with your username and password
Username
- For the configuration later on, you will need to add your Username in the following format: Domain\\Username
- If you don’t remember your Username, you can find it by right-clicking the Users folder, choosing Properties, and then clicking on the Account tab. There, you will find it under the User logon name.
Note: The username format required for the configuration uses two backslashes (\\), not a single one (\).

Password
- Add your password as-is to the configuration later on.
Assign permissions
- Go back to your Active Directory Management Panel and right-click on the Users folder.
- Choose the View option, check the Detail option, and the Advanced Features option below it.
- Right-click on the Users folder again, click on the Properties option and navigate to the Security tab.
- Click on the Advanced tab, and check if the Entitle user appears.
- If the Entitle user doesn’t appear, click on the Add button, add the user, and then continue to the next step.
- Edit the permissions of the Entitle user. Make sure that the following properties are checked:
  - Read all properties
  - Write all properties
  - Read permissions
- Click OK in the Permissions Entry for Users, Advanced Security Settings for Users, and the Users Properties screens.
- To allow Entitle to manage domain privileges, the same process should also be applied to the Domain option: repeat the steps above on the domain level.
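
To confirm that the steps above granted the Entitle account the three listed permissions and nothing broader, the following added example (not part of Entitle's documentation) reads the ACL on the Users container and on the domain root. It assumes the domain example.org, a hypothetical service account EXAMPLE\entitle-svc, the default CN=Users container, and a host with the RSAT ActiveDirectory PowerShell module.

```powershell
# Added example, not Entitle's code. Names below are assumptions; replace with your own.
Add-Type -AssemblyName System.DirectoryServices
Import-Module ActiveDirectory       # provides the AD: drive used by Get-Acl below

$DnsDomain = 'example.org'          # constructed sample domain
$Account   = 'EXAMPLE\entitle-svc'  # hypothetical service account (single backslash here)

# Stage 1 conversion, generalized to any number of labels:
# example.org -> DC=example,DC=org ; corp.example.org -> DC=corp,DC=example,DC=org
$BaseDn = ($DnsDomain.Split('.') | ForEach-Object { "DC=$_" }) -join ','

# Read all properties + Write all properties + Read permissions
$Rights   = [System.DirectoryServices.ActiveDirectoryRights]
$Expected = [int]($Rights::ReadProperty -bor $Rights::WriteProperty -bor $Rights::ReadControl)
$AllProps = [guid]::Empty   # an ACE with an empty ObjectType applies to all properties

$Report = foreach ($Target in "CN=Users,$BaseDn", $BaseDn) {
    # Only Allow ACEs that name the account directly and are not limited to one
    # property or extended right. Rights held through group membership and
    # object-specific ACEs are not evaluated here.
    $Aces = @((Get-Acl -Path "AD:\$Target").Access | Where-Object {
        $_.IdentityReference.Value -eq $Account -and
        $_.AccessControlType -eq 'Allow' -and
        $_.ObjectType -eq $AllProps
    })

    $Granted = 0
    foreach ($Ace in $Aces) { $Granted = $Granted -bor [int]$Ace.ActiveDirectoryRights }

    [pscustomobject]@{
        Target  = $Target
        Granted = $Rights.GetEnumName($Granted), ($Granted -as $Rights) | Select-Object -Last 1
        Missing = ($Expected -band (-bnot $Granted)) -as $Rights   # required but absent
        Extra   = ($Granted -band (-bnot $Expected)) -as $Rights   # broader than the guide asks
    }
}

$Report | Format-List
```

A Missing value other than 0 means a required permission was not applied to that object; an Extra value other than 0 means the account holds more than the three permissions listed above and is worth reviewing.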

Manage group memberships
- Right-click on the OU (or OUs) you wish to manage groups in. To manage groups in the whole organization, right-click on the parent directory.
- Click Delegate Control.
- Add the user you wish to add to the group and click Next.
- Select the following task from the list: Modify the membership of a group.
- Approve and exit.
Connecting your IdP in Entitle
All that is left to do is connect your IdP to the Entitle application.
- Log into Entitle and navigate to the Org Settings page.
- Under the Connect To section, look for the Microsoft Active Directory option, and click Connect in the corresponding row.
- In the pop-up window Configure Microsoft Active Directory, fill in the required details:
  - Display Name of your choice.
  - Server - the hostname that you have extracted in stage 2.
  - Your Directory’s username and password.
  - Base distinguished name - your directory’s domain (base_dn) from stage 1.
- If you wish to add managers’ approval as a part of the approval process of Access Requests or to select managers as User Access Review (UAR) reviewers, check the Use as direct manager source checkbox.
- Set the Save on field with your configuration, i.e. your own hosted agent or Entitle’s cloud. Finally, click Save.
Test your IdP connection
- After being redirected to the Org Settings page, you should be able to see that the Microsoft Active Directory is now Connected.
- Within a few minutes, refresh your browser page and go to the Approval workflows tab. Then, click on New approval workflow. You should now see that all groups within the specific directory have been fetched.