This is not the latest version of Identity Director documentation.

Add an Active Directory Authentication Provider as an Identity Provider

If you installed the Active Directory Authentication Provider separately, complete the following steps after installation to add it as an Identity Provider in Identity Broker:

Step 1: Gather information

  1. Open a browser and go to the following URL: <Active Directory Authentication Provider HOSTNAME>/adauth/showconfig
    Example, using data from Install the Active Directory Authentication Provider (optional):
    server.mycompany.com/adauth/showconfig
    The browser offers to open or save the file showconfig.json.
  2. Open (or save and open) this file using, for example, Notepad.
  3. Note the values of Realm, IdpReplyUrl, and CertPublicKey.
    Copy them exactly as they appear, without surrounding whitespace or line breaks; they are entered into Identity Broker in the next step.

Step 2: Configure the Active Directory Authentication Provider in the Identity Broker Management Portal

With the information from Step 1: Gather information, you can configure the Active Directory Authentication Provider in Identity Broker.

On the Identity Provider page of the Management Portal, click Add.

  • On the New Provider page that opens, at Type, select Active Directory.
  • Specify the following fields:
    • Name: Specify a friendly name for the Provider. This name will be displayed in the Identity Broker Management Portal.
      If you want to assign the provider to an Identity Director Web Portal URL, the name cannot contain spaces.
    • Caption: Specify a caption for the button that is displayed to users when they select how they want to be authenticated. This selection screen is only shown if more than one Identity Provider is configured in Identity Broker and you did not assign the providers to specific Identity Director Web Portal URLs.
      See Resulting behavior if configured correctly for more information.

      If applicable, the selection screen is displayed between steps 3 and 4 of the Authentication sequence.

    • Provider URL: Specify the host and path where the Active Directory Authentication Provider is located. This is the URL from Step 1: Gather information without the showconfig file name.
      Example: authserver.mycompany.com/adauth/
      Note that the path after the hostname is case-sensitive and must end with a slash (/).

      Identity Broker uses this URL in steps 4 and 5 of the Authentication sequence.

    • Realm: From the Gather information step, copy the data at Realm.
      Example: urn:idbroker
    • Group/Role filter (optional): Specify an expression that will be used to filter the groups that are returned from the Identity Broker to the Consumer. See Using Group/Role filters for Identity Providers.
    • Signing Certificate (Public Key): From the Gather information step, copy the value of CertPublicKey verbatim. Identity Broker uses this public key to verify the signed responses it receives from the Active Directory Authentication Provider, so any copying error (a missing character, an added line break) breaks authentication through this provider.
    • Callback Path: From the Gather information step, take the value of IdpReplyUrl and remove the scheme and the Identity Broker host. The remaining path is the Callback Path.
      Example:
      If the value of IdpReplyUrl is https://server.mycompany.com/identitybroker/ids/adauth, enter /identitybroker/ids/adauth for Callback Path.
      Note that the Callback Path starts with a slash (/) and is case-sensitive.

      The Active Directory Authentication Provider redirects to this path on the Identity Broker in steps 7 and 8 of the Authentication sequence.

  • Save your changes.
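The two steps above are mechanical and the values are easy to mistype (wrong case in a path, a missing slash, a truncated key). The following script, added here as an illustration and not part of the Identity Director product or its documentation, reads a showconfig.json and derives every value that has to be entered on the New Provider page, applying the checks the text calls out (trailing slash on the Provider URL, leading slash and preserved case on the Callback Path, no spaces in the Name when it is assigned to a Web Portal URL). It assumes showconfig.json is a flat JSON object whose keys are exactly Realm, IdpReplyUrl and CertPublicKey, that CertPublicKey is a base64 string, and that the reply URL should be https; the sample file is constructed from the documentation's example values with placeholder certificate bytes.

```python
"""Derive the Identity Broker 'New Provider' field values from showconfig.json.

Added example, not Identity Director's own code. Assumptions: showconfig.json
is a flat JSON object with the keys Realm, IdpReplyUrl and CertPublicKey,
CertPublicKey is base64, and IdpReplyUrl is expected to be https.
"""
import base64
import binascii
import json
from urllib.parse import urlsplit

# Constructed sample of showconfig.json: Realm and IdpReplyUrl are the
# documentation's example values; the certificate is placeholder bytes only.
SAMPLE_SHOWCONFIG = json.dumps({
    "Realm": "urn:idbroker",
    "IdpReplyUrl": "https://server.mycompany.com/identitybroker/ids/adauth",
    "CertPublicKey": base64.b64encode(b"placeholder-public-key-bytes").decode(),
})


def _split(url: str):
    # Accept the host-only form the documentation uses ("server.mycompany.com/...")
    # as well as a full URL; a missing scheme is assumed to mean https.
    if "://" not in url:
        url = "https://" + url
    return urlsplit(url)


def provider_url(showconfig_url: str) -> str:
    """Provider URL field: host + path of the showconfig URL minus 'showconfig'.

    The path is kept exactly as given (Identity Broker compares it
    case-sensitively) and retains its trailing slash.
    """
    parts = _split(showconfig_url)
    if not parts.path.endswith("/showconfig"):
        raise ValueError(f"not a showconfig URL: {showconfig_url}")
    base = parts.path[: -len("showconfig")]  # keeps the trailing '/'
    return parts.netloc + base


def callback_path(idp_reply_url: str) -> str:
    """Callback Path field: IdpReplyUrl without scheme and Identity Broker host."""
    parts = _split(idp_reply_url)
    if parts.scheme != "https":
        # Added check: the reply URL carries the authentication result back
        # to the broker, so refuse anything that is not https.
        raise ValueError(f"IdpReplyUrl must be https, got {parts.scheme!r}")
    if not parts.path.startswith("/"):
        raise ValueError("Callback Path must start with '/'")
    return parts.path  # case preserved, nothing appended


def signing_certificate(cert_public_key: str) -> str:
    """Signing Certificate field: verify the value copies cleanly, return it unchanged."""
    try:
        raw = base64.b64decode(cert_public_key, validate=True)
    except binascii.Error as exc:
        raise ValueError("CertPublicKey is not valid base64; copy it verbatim") from exc
    if not raw:
        raise ValueError("CertPublicKey is empty")
    return cert_public_key


def new_provider_fields(showconfig_text: str, showconfig_url: str, name: str,
                        caption: str, assign_to_portal_url: bool = False) -> dict:
    """Return the values to enter on the New Provider page, in field order."""
    if assign_to_portal_url and " " in name:
        raise ValueError("Name cannot contain spaces when assigned to a Web Portal URL")
    cfg = json.loads(showconfig_text)
    missing = [k for k in ("Realm", "IdpReplyUrl", "CertPublicKey") if k not in cfg]
    if missing:
        raise KeyError(f"showconfig.json lacks: {', '.join(missing)}")
    return {
        "Type": "Active Directory",
        "Name": name,
        "Caption": caption,
        "Provider URL": provider_url(showconfig_url),
        "Realm": cfg["Realm"],
        "Signing Certificate (Public Key)": signing_certificate(cfg["CertPublicKey"]),
        "Callback Path": callback_path(cfg["IdpReplyUrl"]),
    }


if __name__ == "__main__":
    fields = new_provider_fields(SAMPLE_SHOWCONFIG,
                                 "https://server.mycompany.com/adauth/showconfig",
                                 name="CorpAD", caption="Sign in with Windows")
    for key, value in fields.items():
        print(f"{key}: {value}")
```

Run it against the real showconfig.json (replace SAMPLE_SHOWCONFIG with the file contents and pass the URL you opened in Step 1) and transcribe the printed values into the Management Portal. The script deliberately returns CertPublicKey unchanged after checking it decodes, because the portal expects the string exactly as the provider published it.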