Active Directory Bridge
To use Active Directory as an identity provider (IAM) and authenticate against it, install the AD bridge, software built by AuthNull that runs on a machine next to your domain controller.
The bridge reads user information and, depending on your conditional access policies, adds or removes users in groups. It also synchronizes users, changes passwords and issues credentials, and the directory serves as the source for onboarding users and administrators into the AuthNull admin console.
Installing the AD bridge
How Active Directory Integration Works
The AuthNull Active Directory bridge is a secure connector between AuthNull and your Active Directory domain. It gives AuthNull user import and delegated authentication capabilities, streamlining access management as part of your privileged access management strategy.
Prerequisites
- An active AuthNull administrator account.
- Access to your Active Directory domain with appropriate permissions.
Registration and Configuration
Navigating to Active Directory Integration: Log in to the AuthNull dashboard using your administrator credentials and navigate to the ‘Directory’ section. Then, select ‘Active Directory’.
Registering the Active Directory bridge: Look for the ‘Add Directory’ option in the top right and click to initiate the registration process.
Entering Domain Details: Provide your Active Directory domain name and server address.
Configuring Synchronization Settings: Download the generated configuration settings (a config file); the installer will prompt for them later.
Download and execute a PowerShell script on a machine close to the Active Directory domain controller: The bridge runs on this machine so that it can synchronize users and groups from Active Directory.
Providing the bridge Key
- During installation, you'll be prompted to input the bridge key generated earlier.
Completing the Installation
Execute the command ./ad-bridge-install.ps1 -OutputPath C:\authull
This installs the AD bridge.
Copy the config and paste it when the script prompts for configuration.
The config file will be saved locally on the target machine.
- Finish the installation process as prompted.
- Fill in these fields to configure the AD server:
  a. Select a domain user for the AuthNull AD bridge to run as
  b. Select "Create or use the account" (recommended)
  c. Account Name
  d. Password
  e. Proxy
  f. App Url
  g. API Key
- After filling in these fields, click 'Next' to start the users & groups import. Once done, configure the field mappings.
Verification and Monitoring
Monitoring Synchronization
- Return to the AuthNull dashboard.
- Monitor the synchronization process under the 'Active Directory Integration' section.
- Ensure data is updated accurately and in real time.
Verifying User Import and Delegated Authentication
- Confirm that user import is functioning as expected.
- Test delegated authentication to ensure a seamless user experience.
Troubleshooting
Refer to our troubleshooting section for solutions to common issues that may arise during the registration, configuration, or synchronization process.
For further assistance, contact our dedicated support team, who are ready to guide you through integrating the AuthNull Active Directory bridge into your privileged access management strategy.
Validate Active Directory users: Validate Active Directory users by looking at the users list in the "Directory" tab of AuthNull.
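The following PowerShell script is an added example for the verification step above; it is not part of AuthNull's bridge or installer. It assumes the ActiveDirectory RSAT module is installed on the machine that runs the bridge, and that the account name you entered in the "Account Name" field is stored in the placeholder variable $BridgeServiceAccount. It checks that the bridge's service account exists and is enabled, exports the enabled AD users so the list can be compared against the "Directory" tab, and counts the members of the built-in privileged groups the bridge is expected to discover.

```powershell
# Added verification helper (not AuthNull's own code).
# Assumptions: ActiveDirectory module available; $BridgeServiceAccount is the
# sAMAccountName chosen during installation (placeholder value below).
Import-Module ActiveDirectory

$BridgeServiceAccount = 'svc-authnull-bridge'              # placeholder, replace with yours
$ExportPath = Join-Path $env:USERPROFILE 'ad-snapshot.csv'  # output location is an assumption

# 1. Confirm the account the bridge runs as exists and is enabled.
$svc = Get-ADUser -Identity $BridgeServiceAccount -Properties Enabled, PasswordLastSet, MemberOf -ErrorAction Stop
if (-not $svc.Enabled) {
    Write-Warning "Bridge account $BridgeServiceAccount is disabled; synchronization will fail."
}
Write-Host "Bridge account $($svc.SamAccountName): password last set $($svc.PasswordLastSet)"
$svc.MemberOf | ForEach-Object { (Get-ADGroup -Identity $_).Name } | Sort-Object |
    ForEach-Object { Write-Host "  member of: $_" }

# 2. Snapshot enabled users and their group counts so the result can be
#    compared against the users list in the AuthNull "Directory" tab.
$users = Get-ADUser -Filter 'Enabled -eq $true' -Properties MemberOf, LastLogonDate
$rows = foreach ($u in $users) {
    [pscustomobject]@{
        SamAccountName    = $u.SamAccountName
        UserPrincipalName = $u.UserPrincipalName
        GroupCount        = @($u.MemberOf).Count
        LastLogonDate     = $u.LastLogonDate
    }
}
$rows | Export-Csv -Path $ExportPath -NoTypeInformation
Write-Host ("{0} enabled users exported to {1}" -f @($rows).Count, $ExportPath)

# 3. Count members of the built-in privileged groups; the bridge's
#    "discover all privileged accounts" result should cover these.
foreach ($g in 'Domain Admins', 'Enterprise Admins', 'Administrators') {
    $members = Get-ADGroupMember -Identity $g -Recursive -ErrorAction SilentlyContinue
    Write-Host ("{0}: {1} members" -f $g, @($members).Count)
}
```

Run it from an elevated PowerShell session on the bridge machine after the import finishes; a mismatch between the exported count and the number of users shown in the Directory tab, or a disabled bridge account, points to a synchronization problem worth raising with support.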
The Active Directory bridge does the following:
- Discover all privileged accounts.
- Discover all privileged account-based policies.
- Discover all authentications that are happening.
- Enable password rotations for credentials based on password policy.
- Enable password rotations for users who are checked out on a per-policy basis.
Authenticating into an Endpoint using AD credentials.
When users attempt to log into the endpoint using their AD username, the wallet shares the AD VC for authentication.
Users can accept the "Share credential" request from their wallet to authenticate, or decline it to reject the authentication request.