Active Directory Provider

Active Directory (AD) is a database-based system that provides authentication, directory, policy, and other services in a Windows environment.

Create Active Directory Provider

  1. From the left navigation menu, navigate to External Systems > Providers and click Create Provider.
  2. Enter a Name (64 characters or fewer), select Active Directory, and if you want Active Directory to be the active provider, toggle on Active?.
  3. For Connection Settings, enter/select the following:
    • Port - The TCP port used by the server
    • Hostname FQDN IP(s) - The fully qualified domain name (FQDN) or IP address of the AD server. For high availability (HA) environments, specify multiple AD servers using the same settings. If the first server cannot be reached, connections to succeeding ones are attempted in order.
  4. For Provider-specific Parameters enter/select the following, as appropriate:
    • Groups Search DN - The AD Distinguished Name (DN) path for the RBAC Groups Organizational Unit (OU)
    • Users Search DN - The AD Distinguished Name (DN) path for the RBAC Users Organizational Unit (OU)
    • Bind DN - The AD Distinguished Name (DN) path for the active server user that the Apstra server will connect as
    • Password - The password of the AD server user that the Apstra server connects as
    • Encryption - None, SSL/TLS or STARTTLS
    • Advanced Config
      • Timeout (seconds)
      • Username Attribute Name - The AD attribute from the user entry that the Apstra server uses for authentication (usually cn or uid)
      • User Search Attribute Name
      • User First Name Attribute Name
      • User Last Name Attribute Name
      • User Email Attribute Name
      • User Object Class Attribute Name
      • User Member Attribute Name
      • Group Name Attribute Name
      • Group DN Attribute Name
      • Group Search Attribute Name
      • Group Member Attribute Name
      • Group Member Mapping Attribute Name
      • Group Object Class Attribute Name
  5. You can Check provider parameters and Check login (to verify authentication with the remote user credentials) before creating the provider.
  6. Click Create to create the provider and return to the list view.
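A pre-flight check of the values entered in steps 2 to 4, as an added example that is not part of the product or its API. The dictionary key names are hypothetical and only mirror the form fields; 389 and 636 are the standard LDAP and LDAPS ports, and the sample values are constructed.

```python
import re

# Standard LDAP ports: 389 for plain LDAP and STARTTLS, 636 for LDAP over SSL/TLS.
DEFAULT_PORTS = {"None": 389, "STARTTLS": 389, "SSL/TLS": 636}
# One RDN such as "OU=RBAC Users"; a backslash-escaped comma may appear in the value.
RDN = re.compile(r"^[A-Za-z][A-Za-z0-9-]*=(?:\\.|[^,\\])+$")

def is_dn(dn):
    """True if dn is a non-empty, comma-separated sequence of attr=value RDNs."""
    parts = [p.strip() for p in re.split(r"(?<!\\),", dn)]
    return bool(dn.strip()) and all(RDN.match(p) for p in parts)

def lint_provider(cfg):
    """Return (severity, message) findings for one provider form."""
    findings = []
    if not 1 <= len(cfg.get("name", "")) <= 64:
        findings.append(("error", "Name must be 1 to 64 characters"))
    enc = cfg.get("encryption")
    if enc not in DEFAULT_PORTS:
        findings.append(("error", f"Encryption must be one of {sorted(DEFAULT_PORTS)}"))
    elif enc == "None":
        findings.append(("high", "Encryption None: LDAP traffic, including the bind password, is not encrypted in transit"))
    if enc in DEFAULT_PORTS and cfg.get("port") != DEFAULT_PORTS[enc]:
        findings.append(("warn", f"Port {cfg.get('port')} is not the usual port {DEFAULT_PORTS[enc]} for {enc}"))
    for field in ("groups_search_dn", "users_search_dn", "bind_dn"):
        if not is_dn(cfg.get(field, "")):
            findings.append(("error", f"{field} is not a well-formed DN"))
    hosts = cfg.get("hostnames") or []
    if not hosts:
        findings.append(("error", "At least one hostname, FQDN or IP is required"))
    elif len(hosts) == 1:
        findings.append(("info", "Single AD server: no fallback if it is unreachable"))
    return findings

# Constructed sample values; key names are hypothetical and mirror the form fields.
SAMPLE = {
    "name": "corp-ad",
    "hostnames": ["dc1.example.com", "dc2.example.com"],
    "port": 389,
    "encryption": "None",
    "groups_search_dn": "OU=RBAC Groups,DC=example,DC=com",
    "users_search_dn": "OU=RBAC Users,DC=example,DC=com",
    "bind_dn": "CN=svc-apstra,OU=Service Accounts,DC=example,DC=com",
}

if __name__ == "__main__":
    for severity, message in lint_provider(SAMPLE):
        print(f"{severity:5} {message}")
```

The check complements Check provider parameters and Check login in step 5: it flags settings that would connect successfully but leave the bind credentials unprotected or the deployment without a fallback server.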

After configuring and activating a provider, you must map that provider to one or more user roles to give access permissions to users with those roles.