Active Directory Provider
Active Directory (AD) is Microsoft's directory service for Windows environments. It provides authentication, directory, policy, and related services, and Apstra connects to it as an LDAP directory using the settings described below.
Create Active Directory Provider
- From the left navigation menu, navigate to External Systems > Providers and click Create Provider.
- Enter a Name (64 characters or fewer), select Active Directory, and if you want Active Directory to be the active provider, toggle on Active?.
- For Connection Settings, enter/select the following:
- Port - The TCP port the AD server listens on for LDAP. The standard ports are 389 for plain LDAP and for STARTTLS, and 636 for LDAP over SSL/TLS (LDAPS); the port must match the Encryption setting chosen under Provider-specific Parameters.
- Hostname FQDN IP(s) - The fully qualified domain name (FQDN) or IP address of the AD server. For high availability (HA) environments, specify multiple AD servers that share the same settings. If the first server cannot be reached, the remaining servers are tried in the order listed.
- For Provider-specific Parameters, enter/select the following as appropriate:
- Groups Search DN - The AD Distinguished Name (DN) of the Organizational Unit (OU) under which RBAC groups are searched
- Users Search DN - The AD Distinguished Name (DN) of the Organizational Unit (OU) under which RBAC users are searched
- Bind DN - The AD Distinguished Name (DN) of the directory user account that the Apstra server binds as when it connects. Use a dedicated service account that only needs read access to the users and groups OUs; it does not need administrative rights in the domain.
- Password - The password of the bind account above
- Encryption - None, SSL/TLS or STARTTLS. With None, the bind password and every user's login credentials cross the network as cleartext LDAP; choose SSL/TLS (LDAPS, normally port 636) or STARTTLS (normally port 389) for anything other than an isolated lab.
- Advanced Config
- Timeout (seconds) - Increasing the timeout above the default of 30 seconds may impact API responsiveness for all users, because every authentication request can block for that long while a server is unreachable. If you need a longer timeout for MFA support, you may increase it up to 60 seconds. If you require a timeout above 60 seconds, contact Juniper Technical Support.
- Username Attribute Name - The attribute of the AD user entry whose value is the login name that the Apstra server matches during authentication (for example cn or uid; AD domains commonly use sAMAccountName)
- User Search Attribute Name
- User First Name Attribute Name
- User Last Name Attribute Name
- User Email Attribute Name
- User Object Class Attribute Name
- User Member Attribute Name
- Group Name Attribute Name
- Group DN Attribute Name
- Group Search Attribute Name
- Group Member Attribute Name
- Group Member Mapping Attribute Name
- Group Object Class Attribute Name
- Before creating the provider, use Check provider parameters to verify that the connection, encryption and bind settings work, and Check login to verify that a real user's remote credentials authenticate through the provider.
- Click Create to create the provider and return to the table view.
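As a worked illustration of the settings above, here is an offline pre-flight check that a practitioner could run over a provider definition before clicking Create. It is an added example and not Apstra code or its API: the dictionary keys mirror the fields on this page, the hostnames, DNs and account names are constructed sample values, the 30-second default and 60-second self-service limit come from the Timeout description above, and the 389/636 ports are the standard LDAP and LDAPS ports. Beyond the page's own steps it also shows how the username attribute is turned into an LDAP search filter, and why the login name must be escaped per RFC 4515 before it is interpolated.

```python
"""Offline pre-flight check for an AD provider definition (added example, not Apstra code).

The keys of PROVIDER mirror the fields on this page; the values are constructed
sample data. Thresholds: 30 s default timeout and 60 s self-service limit (from the
page); 389/636 are the standard LDAP/LDAPS ports (assumed, not Apstra defaults).
"""
import re

LDAP_PORT, LDAPS_PORT = 389, 636          # standard ports: plain LDAP/STARTTLS, LDAPS
DEFAULT_TIMEOUT, MAX_SELF_SERVICE_TIMEOUT = 30, 60   # seconds, from this page

# Constructed sample provider definition (hypothetical names and DNs).
PROVIDER = {
    "name": "corp-ad",
    "hostnames": ["dc1.corp.example", "dc2.corp.example"],
    "port": 636,
    "encryption": "SSL/TLS",              # one of: None | SSL/TLS | STARTTLS
    "timeout": 30,
    "bind_dn": "CN=svc-apstra,OU=Service Accounts,DC=corp,DC=example",
    "users_search_dn": "OU=Users,DC=corp,DC=example",
    "groups_search_dn": "OU=RBAC Groups,DC=corp,DC=example",
    "username_attr": "sAMAccountName",    # Username Attribute Name
    "user_object_class": "user",          # User Object Class Attribute Name
    "group_object_class": "group",        # Group Object Class Attribute Name
    "group_member_attr": "member",        # Group Member Attribute Name
}

# One RDN: attribute type, "=", then a value with no unescaped comma or stray backslash.
_RDN = re.compile(r"^[A-Za-z][A-Za-z0-9-]*=(?:[^,\\]|\\.)+$")


def dn_is_well_formed(dn):
    """Loose DN check: one or more RDNs separated by unescaped commas."""
    rdns = re.split(r"(?<!\\),", dn)
    return bool(dn) and all(_RDN.match(r.strip()) for r in rdns)


def escape_filter_value(value):
    """RFC 4515 escaping for a value interpolated into a search filter.

    Without it a login name such as '*)(objectClass=*' rewrites the filter
    the authenticator sends, which is classic LDAP injection.
    """
    table = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\0": "\\00"}
    return "".join(table.get(ch, ch) for ch in value)


def user_lookup_filter(provider, login):
    """Filter used to find the entry for `login` under Users Search DN."""
    return "(&(objectClass=%s)(%s=%s))" % (
        provider["user_object_class"], provider["username_attr"], escape_filter_value(login))


def group_membership_filter(provider, user_dn):
    """Filter used to find groups under Groups Search DN that list `user_dn` as a member."""
    return "(&(objectClass=%s)(%s=%s))" % (
        provider["group_object_class"], provider["group_member_attr"], escape_filter_value(user_dn))


def check_provider(p):
    """Return a list of (severity, message) findings; an empty list means clean."""
    findings = []
    enc = p["encryption"]
    if enc == "None":
        findings.append(("error", "encryption None: bind password and user credentials cross the network in cleartext"))
    if enc == "SSL/TLS" and p["port"] != LDAPS_PORT:
        findings.append(("warn", "SSL/TLS (LDAPS) normally uses port %d, got %d" % (LDAPS_PORT, p["port"])))
    if enc in ("STARTTLS", "None") and p["port"] != LDAP_PORT:
        findings.append(("warn", "%s normally uses port %d, got %d" % (enc, LDAP_PORT, p["port"])))
    if p["timeout"] > MAX_SELF_SERVICE_TIMEOUT:
        findings.append(("error", "timeout above %d s requires Juniper Technical Support" % MAX_SELF_SERVICE_TIMEOUT))
    elif p["timeout"] > DEFAULT_TIMEOUT:
        findings.append(("info", "timeout above the %d s default may slow API responses for all users" % DEFAULT_TIMEOUT))
    for key in ("bind_dn", "users_search_dn", "groups_search_dn"):
        if not dn_is_well_formed(p[key]):
            findings.append(("error", "%s is not a well-formed DN: %r" % (key, p[key])))
    if not p["hostnames"]:
        findings.append(("error", "no AD server configured"))
    elif len(p["hostnames"]) == 1:
        findings.append(("info", "single AD server: no failover target for HA"))
    return findings


if __name__ == "__main__":
    for severity, message in check_provider(PROVIDER) or [("ok", "no findings")]:
        print("%-5s %s" % (severity, message))
    print(user_lookup_filter(PROVIDER, "alice"))
```

The checks only catch what can be decided without touching the directory; Check provider parameters and Check login in the UI remain the authoritative test. The escaping in `escape_filter_value` is the detail worth keeping in mind when choosing User Search Attribute Name: whatever attribute is matched against the typed login name is being interpolated into a filter, so the authenticator must escape it, and a test login containing `*` or `)` is a cheap way to confirm that it does.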
After configuring and activating a provider, you must map that provider to one or more user roles to give access permissions to users with those roles.