Setting Up Active Directory Authentication

PowerAuth Admin supports optional authentication using Active Directory. This option is disabled by default.

In case you are using Linux/Unix LDAP implementation, please follow the separate documentation.

Using Custom Active Directory Properties

In case you already have your own Active Directory server and you would like to use it as an authentication provider for PowerAuth Admin, you can configure all required properties. Namely, these properties are available for configuration:

# Enable Active Directory Authentication
powerauth.admin.security.method=active-directory

# Set Properties
powerauth.admin.security.activeDirectory.domain=wultra.com
powerauth.admin.security.activeDirectory.url=ldap://1.2.3.4:389
powerauth.admin.security.activeDirectory.root=dc=wultra,dc=com
powerauth.admin.security.activeDirectory.userSearchFilter=

These properties should be sufficient to configure all parameters required for an Active Directory based authentication.

Restricting Authentication to a Groups

The default value for the powerauth.admin.security.activeDirectory.userSearchFilter property is:

(&(objectClass=user)(userPrincipalName={0}))

To customize the user lookup query, you can change the property to include custom value (the {0} will be replaced by the username@domain), for example:

powerauth.admin.security.activeDirectory.userSearchFilter=(&(objectClass=user)(userPrincipalName={0})(memberOf=CN=MyCustomGroup,CN=Users,DC=wultra,DC=com))
Last updated on Jul 11, 2022 (14:08) Edit on Github Send Feedback
Search

develop

PowerAuth Server