
Add an Active Directory server

You can add an Active Directory server for user authentication. Do as follows:

  1. Go to Authentication > Servers and click Add.
  2. From the Server type list, select Active directory.
  3. Enter a name.
  4. Type an IP address and port.
  5. Enter the NetBIOS domain for the server.
  6. Enter an ADS username to query the server.

    Tip

    Any domain-joined user account can query, search, and read AD group membership. These rights are sufficient to import groups from the AD server.

  7. Enter the Password for the ADS user.

  8. Choose one of the following options from the Connection security drop-down menu:

    • Plaintext: Send user credentials as unencrypted plain text.
    • SSL/TLS (Default): Use Secure Sockets Layer/Transport Layer Security to encrypt the connection.
    • STARTTLS: Upgrade a non-encrypted connection by wrapping it with SSL/TLS after or during the connection process. Uses the default port.

    Note

    We recommend using an encrypted connection.

  9. Select Validate server certificate if you want the firewall to validate the certificate when connecting to the external server.

    Note

    If you turn this option on, you must upload the AD server certificate to the firewall on Certificates > Certificates > Add > Upload certificate, or the connection to the AD server will fail.

  10. Enter a Display name attribute for the server. Users see this as the server name.

  11. Enter an Email address attribute. This is the alias for the configured email address, which the firewall shows to the user.
  12. Enter your Domain name.
  13. Enter the Search queries to run on the server. Click Add and create an LDAP query.

    Note

    Only users selected by the Search queries appear in Live Users.

  14. Click Test connection to validate the user credentials and check the connection to the server.

    Note

    When you configure synchronized user ID and STAS, the authentication server uses the mechanism from which it receives the sign-in request first.

  15. Click Save.

Go to Authentication > Services and select servers to use for service authentication.
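
For step 9, one way to confirm that the certificate file you plan to upload is the one the AD server actually presents on its SSL/TLS port. This is an added example, not part of the original documentation; the host name, file name, and port 636 are assumptions.

```python
"""Compare the certificate an AD server presents over LDAPS with a PEM file."""
import hashlib
import re
import socket
import ssl
import sys

# First certificate block in a file; exports often carry extra text around it.
_PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.S)


def fingerprint(pem_text: str) -> str:
    """SHA-256 fingerprint (colon-separated hex) of the first PEM certificate."""
    match = _PEM_BLOCK.search(pem_text)
    if match is None:
        raise ValueError("no PEM certificate block found")
    der = ssl.PEM_cert_to_DER_cert(match.group(0))
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def fetch_presented_cert(host: str, port: int = 636, timeout: float = 5.0) -> str:
    """Return the leaf certificate presented on an implicit SSL/TLS port as PEM.

    Trust checks are off on purpose: the certificate is only read here so it
    can be compared. This does not cover the STARTTLS option.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return ssl.DER_cert_to_PEM_cert(tls.getpeercert(binary_form=True))


def same_certificate(presented_pem: str, uploaded_pem: str) -> bool:
    """True when both inputs hold the same certificate, byte for byte."""
    return fingerprint(presented_pem) == fingerprint(uploaded_pem)


if __name__ == "__main__":
    # Usage (assumed names): python check_ad_cert.py dc01.example.test ad-server.pem
    host, pem_path = sys.argv[1], sys.argv[2]
    with open(pem_path, encoding="ascii", errors="replace") as handle:
        uploaded = handle.read()
    presented = fetch_presented_cert(host)
    print("presented:", fingerprint(presented))
    print("uploaded: ", fingerprint(uploaded))
    print("match" if same_certificate(presented, uploaded) else "MISMATCH")
```

A mismatch before you turn on Validate server certificate means the uploaded file is not the certificate the server is serving, which is the failure case the note in step 9 describes.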
