...
Create the domain user
In Active Directory, create a user named svcKeycloak. The user should only need to be a Domain User. Once the user is made, run a dsquery command to get the Bind DN string (e.g. CN=svcKeycloak,OU=ServiceAccounts,OU=Users,OU=VirtualWorks,DC=e1company,DC=internal).
Configuring Active Directory integration
Info: User Federation settings depend on your particular Active Directory setup. Adjust the following example to your current configuration. To learn more about federation settings, hover your mouse pointer over the tooltips in the Authority Service Admin Console.
Go to User Storage Federation menu option
On the right side, there is a list box labeled Add Provider. Select the LDAP provider type and you will be sent to the provider's settings page.
Adjust the settings according to the screen below:
Enter the display name for the provider
Choose Active Directory in Vendor field
Set Import users to On. Authority Service will import users into local database.
Set Edit Mode to Read Only. You will be unable to modify the username, email address, first and last names, or any other mapped attributes. Updates to passwords are not supported.
Set Sync registrations to Off. Users created in Authority Service will not be synced back to LDAP. The remaining settings depend on your particular Active Directory setup; adjust the example to your current configuration. To learn more about these settings, hover your mouse pointer over the tooltips in the Authority Service Admin Console.
Set Username LDAP attribute to “sAMAccountName”. This sets the username of each imported user to its Active Directory user name.
Set Custom User LDAP Filter to (&(objectCategory=Person)(sAMAccountName=*)) to import only users that have the sAMAccountName attribute set.
If you want to restrict the imported users to an AD group, extend the filter with a memberOf clause. For example, to import only users in the SagaUsers group, whose distinguished name is CN=SagaUsers,OU=Groups,DC=company,DC=internal, use the following filter: (&(objectCategory=Person)(sAMAccountName=*)(memberOf=CN=SagaUsers,OU=Groups,DC=company,DC=internal)).
Go to Mappers tab and edit "username" mapper. Change LDAP Attribute to sAMAccountName
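The steps above hand-assemble the Custom User LDAP Filter. The following Python example is added here and is not part of the original page or of the Keycloak/Authority Service code: it builds the same filter from its parts, escapes the group DN as RFC 4515 requires (a DN containing "(" or "*" would otherwise break the filter or widen its match), and parses the result back so you can confirm the memberOf clause says what you intended before pasting it into the admin console. The SagaUsers group DN is the page's own example; the "Saga (Users)" group is a constructed value.

```python
"""Build and check the Custom User LDAP Filter from the User Federation steps.
Added example, not from the original page; group DNs other than SagaUsers are constructed."""
from typing import List, Optional, Tuple

# RFC 4515: these characters must be escaped inside a filter assertion value.
_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}


def ldap_filter_escape(value: str) -> str:
    """Escape an assertion value (e.g. a group DN) for use inside a search filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def user_filter(group_dn: Optional[str] = None) -> str:
    """Return the page's filter: persons with sAMAccountName set, optionally
    restricted to direct members of group_dn via a memberOf clause."""
    clauses = ["(objectCategory=Person)", "(sAMAccountName=*)"]
    if group_dn:
        clauses.append("(memberOf=%s)" % ldap_filter_escape(group_dn))
    return "(&" + "".join(clauses) + ")"


def parse_assertions(ldap_filter: str) -> List[Tuple[str, str]]:
    """Extract the simple (attr=value) assertions from a filter, decoding \\xx escapes,
    so the value the directory will actually compare against can be inspected."""
    result = []
    i, n = 0, len(ldap_filter)
    while i < n:
        if ldap_filter[i] == "(" and i + 1 < n and ldap_filter[i + 1] not in "&|!":
            j = i + 1
            raw = []
            while j < n and ldap_filter[j] != ")":
                if ldap_filter[j] == "\\" and j + 2 < n:
                    raw.append(chr(int(ldap_filter[j + 1:j + 3], 16)))
                    j += 3
                else:
                    raw.append(ldap_filter[j])
                    j += 1
            attr, _, value = "".join(raw).partition("=")
            result.append((attr, value))
            i = j
        i += 1
    return result


if __name__ == "__main__":
    # Constructed group name with parentheses to show why escaping matters.
    dn = "CN=Saga (Users),OU=Groups,DC=company,DC=internal"
    f = user_filter(dn)
    print(f)
    for attr, value in parse_assertions(f):
        print(f"  {attr} = {value}")
```

Paste the printed filter into the Custom User LDAP Filter field; the parsed memberOf value should be exactly the group DN you copied from dsquery, and nothing else.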
Configuring Single Sign On
...