This lesson is part of the Security in Ignition course.

Description

Add an additional authentication profile to fetch the user list from Active Directory, but store all role information in a database. This authentication profile stores users, roles, and mappings in the database similar to the Database Authentication profile, but validates against passwords stored in Active Directory.

Video recorded using: Ignition 7.9

Transcript

[00:00] An Active Directory database hybrid user source gives you the benefit of using your Active Directory system for authentication and the flexibility of using your database to store user information. Let's take a look at how we would set up one of these Active Directory database hybrid user sources.

We start off in the configure section of the Gateway webpage and we need to go to the users and roles page under security. Here we can see a list of all of our current user sources and we need to click the link that says create new user source. We then want to select the AD database hybrid option and scroll down to the bottom of the page and click the next button.

Here's where we can configure our user source. We start off with the properties that are standard to most user sources, such as the name, the schedule restriction, as well as the failover source. We can then set our main Active Directory properties down a little further. Here's where we set things like the domain, the host name of the primary domain controller, as well as the username and password. These settings all work similarly to the settings in an Active Directory user source.

Next we can configure certain database properties. For each of these properties, we need to specify a query that will return specific data for each of these functions. There are some sample queries provided to help get you started. These settings work very similarly to the manual settings in a database user source. In addition, if you don't feel like setting up all of the database tables and queries on your own, you can instead first set up a database authentication user source, set it to automatic mode, and let that user source automatically create all of the appropriate tables for you. You can then delete that user source and keep your tables in the database that it created. You can also opt to manually create all the tables and queries yourself, really customizing how your user source works.

Finally, if we scroll down a little further, we can click the check box to show advanced properties. Here we have some advanced Active Directory properties that allow you to really customize how you're connecting to your Active Directory system. After entering in all the appropriate settings, you can simply hit the button at the bottom to create the new user source.