Create an Active Directory Connector
The Active Directory connector allows SigningHub to connect to an organisation's Active Directory to authenticate users both at login and at signing. With this connector, SigningHub users can authenticate with their existing Active Directory account credentials.
SigningHub REST APIs, Mobile Apps, and Mobile Web use Kerberos tokens for Active Directory authentication. SigningHub Desktop Web uses NTLM tokens (Integrated Windows authentication), so the username and password are not required in an AD connector that is used only for SigningHub Desktop Web.
LDAP (Lightweight Directory Access Protocol) is used to query data from Active Directory. LDAP queries are issued on behalf of a domain user that has permission to connect to the LDAP directory, search for users based on UID and password, and read the users' Security Group or OU. In such cases, the username and password are required in the AD connector.
Create an Active Directory connector
Click the 'Configurations' option from the navigation panel.
Click the 'Connectors' option.
Click the icon from the grid header.
The 'Add' connector screen will appear to add the connector details. It comprises two sections, i.e. Basic Information and Details. Specify the basic information and click the button to provide the respective connector details.
Click the 'Create' button. A new connector will be saved and displayed in the list. See the table below for field descriptions.
Active Directory Connector
Fields
Description
Name
Specify a unique name for this connector, e.g. My Active Directory. This connector will be used in the configuration of Authentication Profiles.
Provider
Select the provider for this connector, i.e. "Active Directory".
Purpose
This field will display the purpose of the selected provider above, i.e. the purpose of "Active Directory" is "Authentication".
Logo
Select an appropriate image in the jpeg, jpg, gif or png format for the connector's logo that will be displayed on the login screen.
Domain Controller Host
Specify the Active Directory host server name or IP address, e.g. Server-PDC or 192.168.0.150
SigningHub will use this address to connect with the Active Directory server (Domain Controller) for End-user Authentication, Contact Syncing, and AD Provisioning.
Port
Specify the LDAP server port number to connect SigningHub with Active Directory. The default LDAP port is 389.
While configuring the Active Directory connector, the ports (i.e. 389 on non-SSL and 663 on SSL) must be open between the SigningHub and Active Directory servers. Also ensure that two-way communication between SigningHub and Active Directory is enabled, so that user authentication requests can be sent and their responses received.
User ID
Specify a user ID to connect with the Domain Controller host server. This domain user does not necessarily need to have administrator rights in Active Directory. Here are the important considerations about the user connecting with the Domain Controller:
Must exist in Active Directory, i.e. a valid Active Directory user.
Must be an active user of Active Directory, i.e. should not be set as disabled.
Must have the "Read" permissions on Active Directory to read the Security Groups and email addresses of all the users.
This domain user is required to connect with the Active Directory Domain Controller Host Server when using LDAP to query information in Active Directory. SigningHub uses LDAP in the following two cases:
Inside the SigningHub API, where these APIs are used by SigningHub Mobile Web and SigningHub Native Apps.
Inside the SigningHub Core for Active Directory Synchronisation thread.
However, for SigningHub Desktop Web, Windows Authentication is used, which can work even without providing this user information. Moreover, when you need Active Directory authentication for SigningHub Desktop Web, the users to be authenticated should be part of the same domain where SigningHub has been deployed, e.g. if the users belong to the "Ascertia" domain, then SigningHub should also be deployed on the "Ascertia" domain.
User Password
Specify the user password to access the Domain Controller host server.
This is the password of the user specified above. It will be used in LDAP to query information in Active Directory for SigningHub Mobile Web, SigningHub Native Apps and SigningHub Core.
Active
Tick this check box to make this connector active. Inactive connectors cannot be configured in the Authentication Profiles.
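The considerations listed under User ID (the account exists, is not disabled, and does not need administrator rights) can be checked before the credentials are entered in the connector. The Python below is an added example, not SigningHub's own code: it evaluates one account's LDAP attributes as returned by a directory search. The sample entries, account names and the PRIVILEGED_GROUPS list are constructed assumptions; the "Read" permission and nested group membership are not checked.

```python
# Added example: pre-flight check of the connector's bind account (User ID field).
# Input is one LDAP entry as a dict of attributes; all sample data is constructed.
import re

UAC_ACCOUNTDISABLE = 0x0002  # userAccountControl flag: account is disabled
# Assumed deny-list of well-known administrative groups (adjust per domain).
PRIVILEGED_GROUPS = {"domain admins", "enterprise admins", "schema admins",
                     "administrators", "account operators"}
# memberOf omits the primary group, so map privileged primaryGroupID RIDs too.
PRIVILEGED_PRIMARY_RIDS = {512: "Domain Admins", 518: "Schema Admins",
                           519: "Enterprise Admins"}

def group_names(member_of):
    """Extract the leading CN from each group DN (escaped commas allowed)."""
    names = []
    for dn in member_of:
        match = re.match(r"CN=((?:\\.|[^,\\])+)", dn, re.IGNORECASE)
        if match:
            names.append(match.group(1))
    return names

def check_bind_account(entry):
    """Return findings; an empty list means the account fits the requirements."""
    if entry is None:
        return ["account not found in Active Directory"]
    findings = []
    if int(entry.get("userAccountControl", 0)) & UAC_ACCOUNTDISABLE:
        findings.append("account is disabled")
    admin = sorted(g for g in group_names(entry.get("memberOf", []))
                   if g.lower() in PRIVILEGED_GROUPS)
    rid = int(entry.get("primaryGroupID", 513))  # 513 = Domain Users
    if rid in PRIVILEGED_PRIMARY_RIDS:
        admin.append(PRIVILEGED_PRIMARY_RIDS[rid] + " (primary group)")
    if admin:
        findings.append("unnecessary admin rights: " + ", ".join(admin))
    return findings

# Constructed entries (hypothetical account and group names).
GOOD = {"sAMAccountName": "svc-signinghub", "userAccountControl": "66048",
        "primaryGroupID": "513",
        "memberOf": ["CN=SigningHub Readers,OU=Groups,DC=example,DC=com"]}
DISABLED_ADMIN = {"sAMAccountName": "svc-old", "userAccountControl": "514",
                  "primaryGroupID": "513",
                  "memberOf": ["CN=Domain Admins,CN=Users,DC=example,DC=com"]}
PRIMARY_ADMIN = {"sAMAccountName": "svc-hidden", "userAccountControl": "512",
                 "primaryGroupID": "512", "memberOf": []}

if __name__ == "__main__":
    for e in (GOOD, DISABLED_ADMIN, PRIMARY_ADMIN, None):
        print(e and e["sAMAccountName"], check_bind_account(e))
```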