# Internal Identity Provider Configuration: Active Directory

Active Directory (AD) is a robust Identity Provider (IDP) in enterprise environments. It authenticates and authorizes users, facilitating seamless access to resources. AD centralizes user management, streamlining security protocols and ensuring efficient user provisioning.

Because Cymmetri supports the LDAP protocol, Active Directory can be used as an Identity Provider (IDP) in Cymmetri, allowing existing AD user accounts to access the platform.

For configuring AD as an Identity Provider, the primary service needed is the **Adapter Service.**

### The Adapter Service

The Adapter Service (also called the Auth Adapter Service) is exposed as a REST service that runs over HTTPS. It acts as an adapter that performs authentication using the LDAP protocol, which is often employed for authentication purposes in various systems. Every Adapter Service instance is called using the **secret** generated during installation/configuration of the Adapter Service.

The REST endpoints are called by the cymmetri-cloud AuthenticationService to connect to an on-prem AD/LDAP or a cloud AD/LDAP. The Adapter Service is used to test connections, authenticate users, and change or reset a user's password.

### Configuration

To configure Active Directory as an internal IDP, navigate to **Authentication -> Identity Provider -> Internal IDP.** Here you may either configure the already created **AD Authentication** instance or click **+Add New.**

<figure><img src="/files/Tvz3WJpatzxRG4BM34VX" alt=""><figcaption></figcaption></figure>

In either case, a screen opens where you need to provide the below-mentioned details.

* **Name**: AD Authentication
* **IDP Type**: Active Directory
* **Description:** A general description of the IDP type
* **Status:** Active
* **Adapter Service Domain:** Location (IP) of the server on which the Adapter Service is deployed
* **Adapter Service Secret:** The **secret** generated while installing/configuring the Adapter Service
* **Base DN:** Active Directory root domain name
* **Search Scope:** A search scope for locating users in Active Directory

  <figure><img src="/files/6hWIL3yKiGmkPh4w8uPt" alt=""><figcaption></figcaption></figure>

Once all the details are entered, save the changes and test the connection using the **Test Connection** button.

To enable Active Directory as an IDP for a specific set of users, an Authentication Rule needs to be configured. The steps for configuring Authentication Rules are described [here](/identity-hub/authentication/authentication-rules.md).

Once the rule is configured, whenever a user matches the rule conditions, their credentials are verified against those stored in the Active Directory. Upon successful verification, the user is granted access to log in to Cymmetri.
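
To show how the **Base DN** and **Search Scope** fields above bound the set of AD accounts that can be located for authentication, here is an added example (not Cymmetri code). It assumes the Search Scope field corresponds to the standard LDAP scopes named in RFC 4511; the DNs and the `example.local` domain are constructed sample data.

```python
# Added example: which directory entries a Base DN + Search Scope pair covers.
# Scope names follow RFC 4511 (assumed mapping for the Search Scope field).

def split_dn(dn):
    """Split a DN into lowercase RDNs, honoring backslash-escaped commas."""
    rdns, current, escaped = [], "", False
    for ch in dn:
        if escaped:
            current += ch
            escaped = False
        elif ch == "\\":
            current += ch
            escaped = True
        elif ch == ",":
            rdns.append(current.strip().lower())
            current = ""
        else:
            current += ch
    rdns.append(current.strip().lower())
    return rdns

def in_scope(entry_dn, base_dn, scope):
    """Return True if a search from base_dn with this scope covers entry_dn."""
    entry, base = split_dn(entry_dn), split_dn(base_dn)
    if len(entry) < len(base) or entry[len(entry) - len(base):] != base:
        return False  # entry lies outside the Base DN subtree
    depth = len(entry) - len(base)
    if scope == "baseObject":
        return depth == 0   # only the Base DN entry itself
    if scope == "singleLevel":
        return depth == 1   # immediate children of the Base DN
    if scope == "wholeSubtree":
        return True         # the Base DN entry and everything beneath it
    raise ValueError(f"unknown scope: {scope}")

# Constructed sample entries (hypothetical domain example.local).
SAMPLE_ENTRIES = [
    "CN=Alice Doe,OU=Staff,DC=example,DC=local",
    "CN=Bob Roe,OU=Contractors,OU=Staff,DC=example,DC=local",
    "CN=Smith\\, Jane,OU=Staff,DC=example,DC=local",
    "CN=svc-backup,OU=Service Accounts,DC=example,DC=local",
]

def reachable(base_dn, scope, entries=SAMPLE_ENTRIES):
    """List the sample entries covered by the given Base DN and scope."""
    return [dn for dn in entries if in_scope(dn, base_dn, scope)]

if __name__ == "__main__":
    for scope in ("singleLevel", "wholeSubtree"):
        print(scope, reachable("OU=Staff,DC=example,DC=local", scope))
```

In the sample data, a domain-root Base DN with a subtree scope also covers the service-account OU, while a Base DN set to the Staff OU keeps those accounts out of the login path.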

