Active Directory

Overview

Active Directory (AD) is Microsoft's proprietary directory service. It runs on Windows Server and enables administrators to manage permissions and access to network resources.

Entitle can manage access to Active Directory groups, local admin access, and remote access (RDP) to computers.

This page explains how to integrate Entitle with Active Directory.

General guidelines

Note: Before proceeding with this guide, you may need to install Entitle’s Agent for the integration to work.

If you have already set up Active Directory as an IdP in Entitle, reuse the same AD application configuration and skip to the Creating the integration in Entitle section below.

To integrate your Active Directory with Entitle, you will need to:

  • Provide Entitle with your Directory’s Domain, Server, Username, and Password values.

Set up Active Directory to work with Entitle

Stage 1: Extract your Directory’s domain

  1. Open Active Directory Users and Computers (on a domain controller, or on a workstation with the RSAT tools installed).

  2. Your Domain value is the name of the root node of the tree, for example example.org.

  3. Convert the Domain value to distinguished-name form, which you will need later for the configuration: each dot-separated label becomes one DC= component, in order, i.e. DC=<Domain_Prefix>,DC=<Domain_Suffix>. For example, example.org becomes DC=example,DC=org, and a subdomain such as corp.example.org becomes DC=corp,DC=example,DC=org.

Stage 2: Extract your host name (server)

  • If you don’t know your Active Directory server’s host name, open a command prompt on the domain controller and run: hostname. You will need it later on for the configuration as well. Note that hostname prints the short computer name; the value you paste into Entitle must resolve from wherever the Entitle agent runs, and if you connect over LDAPS it must match the name on the domain controller’s certificate, so use the fully qualified name (for example dc1.example.org).

Stage 3: Provide Entitle with your username and password

Username

  1. For the configuration later on, you will need to add your Username in the following format: Domain\\Username, where Domain is the short (NetBIOS) domain name, for example EXAMPLE\\svc-entitle.
  2. If you don’t remember the Username, right-click the Entitle user account in the Users container, choose Properties, and open the Account tab. The User logon name (pre-Windows 2000) field shows the domain prefix and the logon name.

Note: The configuration is a JSON document, and a backslash inside a JSON string must be escaped, so the username is written with two \\ and not a single \. The value Entitle actually sends to the domain controller is Domain\Username with a single backslash.

Password

  1. Paste your password as-is into the configuration later on. Use an account dedicated to Entitle with a strong, unique password: the password is stored in the integration’s Connection JSON, and the permissions granted below apply to whoever holds it.

Assign permissions

  1. Go back to Active Directory Users and Computers. In the View menu, enable Detail and Advanced Features (without Advanced Features, the Security tab is hidden).

  2. Right-click the Users folder, click Properties, and open the Security tab.

  3. Click the Advanced button and check whether the Entitle user appears in the list of permission entries.

  4. If the Entitle user doesn’t appear, click Add, select the user, and continue to the next step.

  5. Edit the permissions of the Entitle user and make sure the following are checked:

     • Read all properties

     • Write all properties

     • Read permissions

  6. Click OK in the Permission Entry for Users, Advanced Security Settings for Users, and Users Properties screens.

  7. To allow Entitle to manage domain privileges, repeat the steps above at the domain level: right-click the domain node instead of the Users folder.

Note: Write all properties lets the Entitle user change every attribute of every object under the container you selected, and at the domain level that means every object in the domain. If Entitle only needs to manage group memberships, grant these rights on the specific OUs that hold the groups, or rely on the narrower delegation described in the next section.

Manage group memberships

  1. Right-click the OU (or each OU) whose groups you want Entitle to manage. To manage groups across the whole domain, right-click the domain node.

  2. Click Delegate Control.

  3. On the Users or Groups page, add the Entitle user (the account from Stage 3) and click Next.

  4. Select the following task from the list: Modify the membership of a group.

  5. Click Next, review the summary, and click Finish.
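The two sections above grant the Entitle user rights through the ADUC dialogs. The following PowerShell script is an added example (it is not part of Entitle’s documentation) that performs the narrower, scripted equivalent: it grants the Entitle user only the right to modify group membership on the groups under one OU, plus read access to that subtree, and then lists the resulting ACEs so you can verify them. The account name EXAMPLE\svc-entitle and the OU OU=Groups,DC=example,DC=org are assumed placeholders; substitute your own. It uses dsacls.exe, which ships with the AD DS tools, and must run with rights to change the OU’s ACL (typically Domain Admins).

```powershell
# Added example, not Entitle's code: delegate "modify group membership" on one OU
# to the Entitle service account instead of "Write all properties" on the domain.
# Assumed placeholders: the account EXAMPLE\svc-entitle and the OU below.
$ServiceAccount = 'EXAMPLE\svc-entitle'          # the Entitle user from Stage 3 (assumed name)
$TargetOU       = 'OU=Groups,DC=example,DC=org'  # OU whose groups Entitle manages (assumed)

# Write-property right on the "member" attribute, applied only to objects of class
# "group" under the OU (/I:S = inherit onto sub-objects only, not the OU itself).
# This is the same right the "Modify the membership of a group" task delegates.
dsacls $TargetOU /I:S /G "${ServiceAccount}:WP;member;group"
if ($LASTEXITCODE -ne 0) { throw "dsacls failed with exit code $LASTEXITCODE" }

# Generic Read on the OU and everything beneath it (/I:T = this object and sub-objects),
# covering "Read all properties" and "Read permissions" from the Assign permissions
# section, but scoped to this OU rather than the Users container or the domain root.
dsacls $TargetOU /I:T /G "${ServiceAccount}:GR"
if ($LASTEXITCODE -ne 0) { throw "dsacls failed with exit code $LASTEXITCODE" }

# Verify: print only the ACEs on the OU that mention the service account.
# Expect a "SPECIAL ACCESS for member" entry inherited to group objects and a read entry.
dsacls $TargetOU | Select-String -SimpleMatch $ServiceAccount
```

Run it once per OU that Entitle should manage. Because the write right is limited to the member attribute of group objects, the account cannot create, delete or rename groups, nor modify users, which is all the page’s "Manage group memberships" step requires.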

Creating the integration in Entitle

All that is left to do is create an integration on the Entitle application.

  1. Log into Entitle and navigate to the Integrations page.

  2. After clicking the Add Integration button, type Active Directory in the Application field.

  3. Set the Save on field to match your deployment: your own hosted agent or Entitle’s cloud.

  4. In the Connection JSON, fill in server, username, password, and base_dn with the Server, Username, Password, and Domain values from the previous stages:

    • server: paste the value from Stage 2.
      • Supported formats:
        • ds.example.com - Implicit LDAP scheme, address, default port of 389
        • ldap://ds.example.com:389 - LDAP scheme, address, and port
        • ldaps://ds.example.com - LDAPS scheme, address, default port of 636
        • ldaps://ds.example.com:636 - LDAPS scheme, address, and port
      • The first two formats connect without TLS: the simple bind then sends the Entitle user’s password in cleartext on the network, and domain controllers configured to require LDAP signing reject such binds. Use ldaps:// with a host name that matches the domain controller’s certificate.
    • username: paste the value from Stage 3, step 1 (Domain\\Username).
    • password: paste the value from the Password section of Stage 3.
    • base_dn: paste the value from Stage 1.

    Example Connection JSON:

    {
      "server": "<Hostname>",
      "username": "<Domain\\Username>",
      "password": "<Password>",
      "base_dn": "DC=<Domain_Prefix>,DC=<Domain_Suffix>"
    }
    
  5. Click Save and you are done!🎉
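Before saving the integration, it is worth checking that the four values from Stages 1 to 3 actually work together. The following PowerShell script is an added example (not part of Entitle’s documentation or product) that, on a domain-joined machine, derives the base DN from the DNS domain name, picks a domain controller’s FQDN as the server, performs an LDAPS simple bind with the Entitle user, confirms the base DN is searchable, and finally prints the Connection JSON in the shape shown above. The account name svc-entitle is an assumed placeholder; the password is prompted for rather than stored in the script. It uses only .NET’s System.DirectoryServices classes, so no RSAT module is needed.

```powershell
# Added example, not Entitle's code: collect the Stage 1-3 values, test them with an
# LDAPS bind, and emit the Connection JSON. Run as a domain user on a domain-joined host.
Add-Type -AssemblyName System.DirectoryServices.Protocols

if (-not $env:USERDNSDOMAIN) { throw 'Run this as a domain user on a domain-joined machine.' }

# Stage 1: DNS domain -> base DN. Each dot-separated label becomes one DC= component.
$dnsDomain = $env:USERDNSDOMAIN.ToLower()                  # e.g. corp.example.org
$baseDn    = 'DC=' + ($dnsDomain.Split('.') -join ',DC=')  # e.g. DC=corp,DC=example,DC=org

# Stage 2: a domain controller's FQDN. For LDAPS the name must match the DC's certificate,
# so the short output of "hostname" is not enough.
$dc     = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain().FindDomainController().Name
$server = "ldaps://${dc}:636"

# Stage 3: NetBIOS domain \ account name, password prompted (never hard-coded in scripts).
$username = "$($env:USERDOMAIN)\svc-entitle"              # svc-entitle is an assumed account name
$cred     = Get-Credential -UserName $username -Message 'Password of the Entitle service account'
$password = $cred.GetNetworkCredential().Password

# Simple bind over LDAPS with exactly the values Entitle will use. The DC's certificate is
# validated against this machine's trust store; a certificate error here means the agent
# host will need the issuing CA installed as well.
$identifier = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier($dc, 636)
$conn = New-Object System.DirectoryServices.Protocols.LdapConnection($identifier)
$conn.SessionOptions.SecureSocketLayer = $true
$conn.SessionOptions.ProtocolVersion   = 3
$conn.AuthType   = [System.DirectoryServices.Protocols.AuthType]::Basic
$conn.Credential = New-Object System.Net.NetworkCredential($username, $password)
try {
    $conn.Bind()
    Write-Host "LDAPS bind OK as $username against $dc"
} catch {
    throw "LDAPS bind failed for $username against ${dc}: $($_.Exception.Message)"
}

# Confirm base_dn is correct by reading the domain root object itself (scope Base).
$req  = New-Object System.DirectoryServices.Protocols.SearchRequest($baseDn, '(objectClass=domain)', 'Base', 'distinguishedName')
$resp = $conn.SendRequest($req)
if ($resp.Entries.Count -ne 1) { throw "Base DN $baseDn was not found on $dc" }
$conn.Dispose()

# Emit the Connection JSON. ConvertTo-Json escapes the backslash, which is why the
# username appears as DOMAIN\\svc-entitle in the JSON although the bind above used a single one.
[ordered]@{
    server   = $server
    username = $username
    password = $password
    base_dn  = $baseDn
} | ConvertTo-Json
```

The printed JSON contains the service account password, so paste it straight into the Connection JSON field and clear the console afterwards rather than saving it to a file.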