Integration IES with Active Directory

Integration with Active Directory On-premises and Azure AD (Entra)

Active Directory (On-premises)

Active Directory on-premises

These parameters must be specified if you will use IES scenarios for working with AD. Import and sync users from Active Directory Import and sync users from Active Directory with domain password changing

Click the button Settings→Parameters→Add Domain Settings

Fill in and save the following parameters (domain on-premises):

  • Domain Name: enter your Active Directory domain. This is necessary to import users from previously created groups in AD.

  • User Logon Name: AD administrator's login with permissions to get users and groups from the AD and change user passwords.

    • Skip credentials (sync will be disabled)

  • Password: AD administrator's password with permissions to get users and groups from the AD and change users' passwords.

  • Auto Password Change (days): number of days after which it is necessary to change the password from the domain account to users from the Security Key Auto Password Change group.

Azure AD (Entra)

To connect the Azure AD with the IES, please, first, set the Azure AD application:

  • Open Settings→Parameters→Add Domain Settings→ select radio button Azure Active Directory

  • Login to the Azure portal

  • Go to the Azure Active Directory → App registrations

  • Click New Registration

  • Go to app overview copy the Application (client) ID, and Directory (tenant) ID, and paste those values into Domain Settings on IPI Server

Fill in and save the following parameters on IES (Azure AD):

  • Application ID: enter your Azure AD application id.

  • Client secret: enter your Azure AD client secret.

  • Tenant ID: enter your Azure AD tenant id.

  • Auto Password Change (days): number of days after which it is necessary to change the password from the domain account to users from the Security Key Auto Password Change group.

After saving the data, login parameters are not displayed in the setting

  • On Azure portal, go to the Certificates & secrets → New client secret and then add and copy Client Secret

  • Copy the secret from column Value and paste it to the field Client Secret on IPI Server

  • On Azure portal, go to the API permissions -> Add a permission -> Microsoft Graph

  • Click Application permissions, then scroll down and select the Directory → _Directory.Read.All_ permission.

  • Click Grant admin consent

Fill in and save the following parameters on IES (Azure AD):

  • Application ID: enter your Azure AD application id.

  • Client secret: enter your Azure AD client secret.

  • Tenant ID: enter your Azure AD tenant id.

  • Auto Password Change (days): number of days after which it is necessary to change the password from the domain account to users from the Security Key Auto Password Change group.

After saving the data, login parameters are not displayed in the settings.

If you use Linux and need the AD integration, join your Linux server to the AD

Be aware! As soon as you remove the AD administrator login and password from the settings, all AD sync scenarios will stop working.

With this instruction, you can add on server several domains at the same time. Each domain is managed separately.

Domain settings

  • Workstation passwordless logon settings - Update Workstation Passwordless Logon Settings.

PreviousAdmin cases for IPI Enterprise ServerNextImport and sync users from Active Directory

Last updated