You can add (register) a domain controller (also called name server or identity server) in the Command Center so that users who are members of the domain can log on with their domain credentials.
If Active Directory (AD) single sign-on (SSO) is enabled for the Active Directory server in the CommCell environment, then AD SSO takes precedence over both SAML and password-based authentication.
If AD SSO is not enabled for the Active Directory server in the CommCell environment, then SAML authentication takes precedence over password-based authentication, and domain users cannot authenticate themselves using a password to log on to the Web Console. The users are automatically redirected to the identity provider (IdP) for authentication. To allow a user to cancel the redirection and use their password for authentication, change the value of the forceSAMLLogin additional setting to false. For more information, see Additional Setting for a CommCell Entity.
Before You Begin
If you want to use Active Directory single sign-on, configure LDAP on the Active Directory Server.
If you need to create an Active Directory for a specific company, in the upper-right corner of the page, from the Select a company list, select the company that you want to create the Active Directory for.
If you want to create a secure LDAP connection to an Active Directory server through a proxy client computer, verify the following:
The Active Directory server is reachable from the proxy client computer.
The proxy client computer has the SSL certificate installed.
For information about whether the proxy client is configured for LDAP with the proper SSL certificate, see Verify LDAP Configuration on External Domain.
The proxy client computer is registered with the CommServe computer. Otherwise, you must install the LDAP Gateway CommServe server package on the proxy client.
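The first two checks above can be scripted and run on the proxy client computer. The following is an added example, not part of the product or its documentation: it tests TCP reachability of the Active Directory server on the standard LDAPS port 636 and whether the certificate it presents validates against the trust store that Python uses on that machine (or a CA file you supply). The host name `dc01.example.com` is a placeholder, and the assumption that the proxy client validates against the same trust store is mine.

```python
import socket
import ssl


def check_ldaps(host, port=636, cafile=None, timeout=5.0):
    """Check TCP reachability and TLS certificate trust for an LDAPS endpoint.

    Returns a dict: reachable (bool), tls_trusted (bool), detail (str).
    """
    result = {"reachable": False, "tls_trusted": False, "detail": ""}
    # Default context verifies the chain and the host name; cafile (optional)
    # points at a PEM bundle holding the CA that issued the server certificate.
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        result["detail"] = f"TCP connect failed: {exc}"
        return result
    result["reachable"] = True
    try:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            cert = tls.getpeercert()
            result["tls_trusted"] = True
            result["detail"] = f"{tls.version()}, certificate expires {cert.get('notAfter')}"
    except ssl.SSLCertVerificationError as exc:
        result["detail"] = f"certificate not trusted: {exc.verify_message}"
    except (ssl.SSLError, OSError) as exc:
        result["detail"] = f"TLS handshake failed: {exc}"
    finally:
        sock.close()
    return result


if __name__ == "__main__":
    # Hypothetical host name; replace with your Active Directory server.
    print(check_ldaps("dc01.example.com"))
```

A result of `reachable: True` with `tls_trusted: False` points at the certificate prerequisite rather than the network path.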
From the navigation pane, go to Manage > Security.
The Security page appears.
Click the Identity servers tile.
The Identity servers page appears.
In the upper-right corner of the page, click Add.
The Add domain dialog box appears.
On the LDAP tab, from the Directory type list, select a domain controller type.
Enter the information according to the type of domain controller you want to add:
Note: When adding an LDAP server, you must select LDAP Server, and then configure the Attribute map with the LDAP attributes (user filter, user group filter, unique identifier, and base DN) that correspond to your domain controller type.