Configuring Active Directory Identification Targets
Active Directory Identification Targets are the domains against which Forced-Identification users are authenticated. When you configure the targets correctly, they appear in the ObserveIT Identification page. To allow ObserveIT to use Windows Authentication against an Active Directory target, you will need to add an LDAP target.
If the server on which the ObserveIT Application server is installed is a member of an Active Directory domain, the Active Directory domain will be automatically added to the list of LDAP targets, and will be configured as an "Automatic"-type LDAP target. This will enable the usage of Active Directory users and groups from all domains in all the Active Directory forests that are connected to the current forest.
By default, the use of domain local groups is disabled. In order to use domain local groups, you must enable the Allow LDAP local groups option in the System Settings page of the Web Console.
If the server was not a member of any domain during the ObserveIT installation, after adding the server to a domain, you will be able to add the LDAP target later. If the server on which the ObserveIT Application server is installed is not a member of any Active Directory domain, you can manually add LDAP targets, which will be configured as "Manual"-type LDAP targets. This will enable the usage of Active Directory users; however, you cannot use groups from that domain.
Note that only one automatic LDAP target domain can exist at any given time. Changes to the LDAP Targets are done through the Configuration > User Management > LDAP Settings page.
The ObserveIT Web Console Server must be able to communicate through LDAP traffic with at least one of the domain controllers in the target Active Directory domain. LDAP traffic uses TCP port 389 in most cases. If a firewall exists between the ObserveIT Web Console Server and the domain controller, you must configure the firewall to allow LDAP traffic to and from that domain controller. For information on how to properly configure your firewall, consult with your firewall vendor, or user manual.
To configure an Active Directory Identification Target
-
Navigate to the Configuration > Security & Privacy > Identification page.
-
In the Active Directory Identification Targets section, click the Create button.
-
In the LDAP Settings page, configure an automatic or manual LDAP target. For details, see LDAP Settings Configuration.
-
Specify the Domain, User Name, and Password that will be used to access the domain, which will be used as the Active Directory Identification target.
After the LDAP connection is established, the domain against which the users will be authenticated appears in the Active Directory Identification Targets section of the Configuration > Security & Privacy > Identification page.