Microsoft Active Directory
MyPass Cloud supports easy integration into multiple Microsoft Active Directories from a single or multiple Gateway servers. The configuration is done by your MyPass Cloud engineer assigned to your project or by requesting changes via [email protected].
All communications to the target Active Directory infrastructure are routed via the Gateway server. Integration is done through secure or SSL mode. Note that using SSL requires changes to your Active Directory deployment. Secure mode is the default mode used by Microsoft Active Directory internally (for synchronizing passwords between Domain Controllers).
MyPass Cloud requires the following to access a Microsoft Active Directory Domain via your Gateway.
| INFORMATION | DESCRIPTION |
|---|---|
|
Domain Name
|
The full qualified domain name of the domain like mycorporation.com.
|
|
Domain Alias
|
A label typically the same as the NetBIOS name for the domain which is what is shown in desktop login interfaces.
|
|
Connection Mode
|
The connection mode to use for the communication. Microsoft Active Directory offers the modes normal, secure and SSL but Password Manager only supports Secure and SSL mode. The secure mode used Kerberos for the authentication which is dependent on normal domain communication from the Password Manager Gateway Server and to the Domain Controller in addition to communication on port 389 (TCP). The SSL mode requires a certificate to be implemented on the Domain Controller which is not a trivial task but then as an advantage it only requires communication on port 636 (TCP) from the Password Manager Gateway Server and to the Domain Controller.
|
|
Domain Account Name
|
The name for the account with privileges to read user attributes and to reset passwords.
|
|
Domain Account Password
|
The password for the account specified.
|
To support redundancy, MyPass Cloud can be configured to access multiple Gateway servers and multiple domain controllers in the same domain. For configuration purposes, the following information must be configured for each connection to a Domain Controller.
| INFORMATION | DESCRIPTION |
|---|---|
|
Domain Controller
|
The fully qualified hostname or IP address for a domain controller. If SSL mode is desired for the communication then the fully qualified hostname is required.
|
|
Gateway Server
|
The Password Manager Gateway to use as offset for the specified Domain Controller.
|
All parameters are stored in the MyPass Cloud Encrypted data store. The next section explains the LDAP operations performed against Microsoft Active Directory and the required privileges for the Domain Account to function.