Active Directory (AD) is a robust Identity Provider (IDP) in enterprise environments. It authenticates and authorizes users, facilitating seamless access to resources. AD centralizes user management, streamlining security protocols and ensuring efficient user provisioning.
Active Directory can be utilized in Cymmetri as an Identity Provider (IDP), leveraging existing AD user accounts to access Cymmetri, as the platform supports the LDAP protocol.
For configuring AD as an Identity Provider, the primary service needed is the Adapter Service.
The Adapter Service (also called the Auth Adapter Service) is exposed as a REST service over HTTPS. It acts as an adapter that performs authentication using the LDAP protocol, which is widely used for authentication in many systems. Every call to an Adapter Service instance is authenticated with the secret generated during installation/configuration of that Adapter Service.
The REST endpoints are called by the Cymmetri Cloud AuthenticationService to connect to on-premises or cloud AD/LDAP. The Adapter Service is used to test connections, authenticate users, and change and reset a user's password.
To configure Active Directory as an internal IDP, navigate to Authentication -> Identity Provider -> Internal IDP. Here you may either configure the already created AD Authentication instance or click +Add New.
In either case, a screen opens where you need to provide the following details:
Name: AD Authentication
IDP Type: Active Directory
Description: A general description of the IDP type
Status: Active
Adapter Service Domain: Location (IP) of the server on which the Adapter Service is deployed
Adapter Service Secret: The secret generated while installing/configuring the Adapter Service
Base DN: Active Directory root domain name
Search Scope: A search scope for locating users in Active Directory
Once all the details are entered, save the changes and test the connection using the Test Connection button.
To enable Active Directory as an IDP for a specific set of users, an Authentication Rule needs to be configured. Here you can see the steps on how to configure Authentication Rules.
Once the rule is configured, whenever a user matches the rule conditions, their credentials are verified against those stored in the Active Directory. Upon successful verification, the user is granted access to log in to Cymmetri.
To access Internal Identity Providers, navigate to Authentication -> Identity Provider -> Internal IDP.
Since Cymmetri is the default Internal IDP, no configuration is needed for it. An administrator may still disable Cymmetri Authentication by editing the Cymmetri Authentication Internal IDP mechanism.
An administrator may also change the Display Name and/or Description as shown in the screen above.
Lightweight Directory Access Protocol (LDAP) serves as an important Identity Provider (IDP) in enterprise environments. It authenticates and authorizes users, facilitating seamless access to resources. LDAP is commonly used as a directory service for managing user identities and authentication information within an organization.
LDAP can be utilized in Cymmetri as an Identity Provider (IDP), leveraging existing user accounts to access Cymmetri, as the platform supports the LDAP protocol.
For configuring LDAP as an Identity Provider, one of the primary services needed is the Adapter Service.
The Adapter Service (also called the Auth Adapter Service) is exposed as a REST service over HTTPS. It acts as an adapter that performs authentication using the LDAP protocol, which is widely used for authentication in many systems. Every call to an Adapter Service instance is authenticated with the secret generated during installation/configuration of that Adapter Service.
The REST endpoints are called by the Cymmetri Cloud AuthenticationService to connect to on-premises or cloud AD/LDAP. The Adapter Service is used to test connections, authenticate users, and change and reset a user's password.
To configure LDAP as an internal IDP, navigate to Authentication -> Identity Provider -> Internal IDP. Here you may either configure the already created LDAP Authentication instance or click +Add New.
In either case, a screen opens where you need to provide the following details:
Name: LDAP Authentication
IDP Type: Open LDAP
Description: A general description of the IDP type
Status: Active
Adapter Service Domain: Location (IP) of the server on which the Adapter Service is deployed
Adapter Service Secret: The secret generated while installing/configuring the Adapter Service
Base DN: LDAP root domain name
Search Scope: A search scope for locating users in LDAP
Once all the details are entered, save the changes and test the connection using the Test Connection button.
To enable Open LDAP as an IDP for a specific set of users, an Authentication Rule needs to be configured. Here you can see the steps on how to configure Authentication Rules.
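Both the Active Directory and the Open LDAP configurations above hand the Adapter Service a Base DN and a Search Scope, and the adapter then has to locate the user in the directory before checking the supplied password. The following is an added example, not Cymmetri's Adapter Service code, of how such a lookup is built safely: the Base DN is validated, the Search Scope is restricted to the three scopes LDAP defines, and the user-supplied login name is escaped per RFC 4515 so that it cannot change the meaning of the search filter. The login-attribute names (sAMAccountName, uid), the DN values and the length limit are constructed assumptions; nothing here opens a network connection.

```python
"""Added example, not Cymmetri's Adapter Service code: how an LDAP-backed
adapter turns the configured Base DN, Search Scope and the login name into
the user lookup it sends to AD/LDAP before binding with the user's password.

Constructed assumptions: the DN, scope and attribute values are illustrative,
the adapter's real attribute names are not on this page, and nothing here
opens a network connection; only the request parameters are built."""

import re

# RFC 4515: these characters must be escaped inside a filter *value* so that a
# user-controlled login name cannot alter the structure of the filter.
_FILTER_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}

# The search scopes defined for the LDAP search operation (RFC 4511):
# base = the Base DN entry only, one = its direct children, sub = whole subtree.
SEARCH_SCOPES = ("base", "one", "sub")

# Attribute that holds the login name; constructed defaults per IDP type.
LOGIN_ATTRIBUTE = {"Active Directory": "sAMAccountName", "Open LDAP": "uid"}


def escape_filter_value(value: str) -> str:
    """Escape a value for safe embedding in an LDAP search filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def validate_base_dn(base_dn: str) -> bool:
    """Accept a DN of attribute=value components, e.g. DC=corp,DC=example,DC=com.
    Escaped commas inside values (RFC 4514) are deliberately not handled here."""
    component = r"[A-Za-z][A-Za-z0-9-]*=[^,=]+"
    return re.fullmatch(rf"{component}(\s*,\s*{component})*", base_dn) is not None


def build_user_search(base_dn: str, scope: str, idp_type: str, username: str):
    """Return (base_dn, scope, filter) for locating exactly one user entry.

    The adapter would run this search with a service account, then bind as the
    returned entry's DN using the password supplied at login. A bind failure
    or zero/multiple matches must be treated as authentication failure."""
    if not validate_base_dn(base_dn):
        raise ValueError(f"invalid Base DN: {base_dn!r}")
    if scope not in SEARCH_SCOPES:
        raise ValueError(f"invalid Search Scope: {scope!r}")
    if idp_type not in LOGIN_ATTRIBUTE:
        raise ValueError(f"unsupported IDP Type: {idp_type!r}")
    if not username or len(username) > 256:
        raise ValueError("login name missing or too long")
    attr = LOGIN_ATTRIBUTE[idp_type]
    ldap_filter = f"({attr}={escape_filter_value(username)})"
    return base_dn, scope, ldap_filter


if __name__ == "__main__":
    # Constructed configuration, mirroring the form fields on this page.
    base, scope, flt = build_user_search(
        "DC=corp,DC=example,DC=com", "sub", "Active Directory", "jdoe")
    print(base, scope, flt)
    # A login name containing filter metacharacters is neutralised, not interpreted.
    print(build_user_search("DC=corp,DC=example,DC=com", "sub",
                            "Active Directory", "*)(objectClass=*")[2])
```

The Test Connection button on the form exercises the service-account part of this flow (can the adapter reach the directory and search under the Base DN); the per-user bind only happens at login time, so a successful connection test does not by itself prove that user lookups return exactly one entry.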
Once the rule is configured, whenever a user matches the rule conditions, their credentials are verified against those stored in LDAP. Upon successful verification, the user is granted access to log in to Cymmetri.
Cymmetri's Internal Identity Provider (IDP) is a powerful authentication solution that supports seamless integration with various Identity Providers (IDPs).
We will explore the configuration options for three types of IDPs:
Cymmetri,
Active Directory, and
LDAP.
The flexibility of the Cymmetri Internal IDP allows you to manage multiple IDPs of the same type, making it easy to adapt to diverse environments with different Active Directory/LDAP instances. Cymmetri's Internal IDP aims to provide a centralized and adaptable authentication solution for your environment, supporting various IDP types.
To access Internal Identity Providers, navigate to Authentication -> Identity Provider -> Internal IDP.
To customize the applicability of different IDPs, administrators need to configure Authentication Rules. These rules enable the configuration of various conditions. When these conditions are met, the corresponding authentication mechanism or IDP is used for user authentication.
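The Authentication Rule passages above (for AD, for Open LDAP, and this overview) all describe the same decision: evaluate a user's attributes against rule conditions and hand the login to the IDP the matching rule names, or to the default Cymmetri IDP when no rule matches. The following is an added example, not Cymmetri code, that models that decision. The rule schema, operators, user attributes, IDP names and the fail-closed handling of a rule that points at an inactive IDP are all constructed assumptions; this page does not describe Cymmetri's actual rule format.

```python
"""Added example, not Cymmetri code: a minimal model of how Authentication
Rules decide which Internal IDP verifies a given user's credentials.

Constructed assumptions: the rule conditions, operators, user attributes and
IDP names below are illustrative only; the real rule schema is not described
on this page."""

from dataclasses import dataclass
from typing import Any, Dict, Tuple


@dataclass(frozen=True)
class Condition:
    attribute: str
    operator: str  # one of: equals, in, ends_with
    value: Any

    def matches(self, user: Dict[str, Any]) -> bool:
        actual = user.get(self.attribute)
        if actual is None:
            return False  # a missing attribute never satisfies a condition
        if self.operator == "equals":
            return actual == self.value
        if self.operator == "in":
            return actual in self.value
        if self.operator == "ends_with":
            return str(actual).lower().endswith(str(self.value).lower())
        raise ValueError(f"unknown operator {self.operator!r}")


@dataclass(frozen=True)
class AuthenticationRule:
    name: str
    idp: str                           # Internal IDP selected when the rule matches
    conditions: Tuple[Condition, ...]  # all conditions must hold (AND)

    def matches(self, user: Dict[str, Any]) -> bool:
        return all(c.matches(user) for c in self.conditions)


@dataclass(frozen=True)
class InternalIdp:
    name: str
    idp_type: str
    status: str = "Active"


DEFAULT_IDP = "Cymmetri Authentication"  # the default Internal IDP needs no configuration

# Constructed IDP instances mirroring the IDP types on this page.
IDPS = {
    DEFAULT_IDP: InternalIdp(DEFAULT_IDP, "Cymmetri"),
    "AD Authentication": InternalIdp("AD Authentication", "Active Directory"),
    "LDAP Authentication": InternalIdp("LDAP Authentication", "Open LDAP"),
    "Legacy LDAP": InternalIdp("Legacy LDAP", "Open LDAP", status="Inactive"),
}

# Constructed rules; their order is the administrator's priority, first match wins.
RULES = (
    AuthenticationRule("Corporate staff", "AD Authentication",
                       (Condition("email", "ends_with", "@corp.example.com"),)),
    AuthenticationRule("Contractors", "LDAP Authentication",
                       (Condition("department", "in", {"Contractors", "Vendors"}),)),
    AuthenticationRule("Decommissioned site", "Legacy LDAP",
                       (Condition("site", "equals", "legacy-dc"),)),
)


def select_idp(user, rules=RULES, idps=IDPS):
    """Return the name of the Internal IDP that must verify this user's credentials."""
    for rule in rules:
        if not rule.matches(user):
            continue
        idp = idps[rule.idp]
        if idp.status != "Active":
            # Fail closed: a rule pointing at a disabled IDP must not let the
            # login silently fall through to a different credential store.
            raise RuntimeError(f"rule {rule.name!r} selects disabled IDP {idp.name!r}")
        return idp.name
    return DEFAULT_IDP  # no rule matched: Cymmetri's own credentials are checked


if __name__ == "__main__":
    for user in (
        {"email": "jdoe@corp.example.com", "department": "IT"},
        {"email": "ext01@vendor.example", "department": "Contractors"},
        {"email": "svc@other.example", "department": "Ops"},
    ):
        print(user["email"], "->", select_idp(user))
```

Evaluating rules in administrator-defined order with first match winning keeps the outcome deterministic when a user satisfies several rules; the fail-closed branch reflects the point that disabling an IDP (for example Cymmetri Authentication, as described above) should be a deliberate policy change, not a silent redirection of those users to another password store.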