Integration IES with Active Directory
Integration with Active Directory On-premises and Azure AD (Entra)
Last updated
Integration with Active Directory On-premises and Azure AD (Entra)
Last updated
Active Directory on-premises
These parameters must be specified if you will use IES scenarios for working with AD. Import and sync users from Active Directory Import and sync users from Active Directory with domain password changing
Click the button Settings→Parameters→Add Domain Settings
Domain Name: enter your Active Directory domain. This is necessary to import users from previously created groups in AD.
User Logon Name: AD administrator's login with permissions to get users and groups from the AD and change user passwords.
Skip credentials (sync will be disabled)
Password: AD administrator's password with permissions to get users and groups from the AD and change users' passwords.
Auto Password Change (days): number of days after which it is necessary to change the password from the domain account to users from the Security Key Auto Password Change group.
To connect the Azure AD with the IES, please, first, set the Azure AD application:
Open Settings→Parameters→Add Domain Settings→ select radio button Azure Active Directory
Login to the Azure portal
Go to the Azure Active Directory → App registrations
Click New Registration
Go to app overview copy the Application (client) ID, and Directory (tenant) ID, and paste those values into Domain Settings on IPI Server
Application ID: enter your Azure AD application id.
Client secret: enter your Azure AD client secret.
Tenant ID: enter your Azure AD tenant id.
Auto Password Change (days): number of days after which it is necessary to change the password from the domain account to users from the Security Key Auto Password Change group.
After saving the data, login parameters are not displayed in the setting
On Azure portal, go to the Certificates & secrets → New client secret and then add and copy Client Secret
Copy the secret from column Value and paste it to the field Client Secret on IPI Server
On Azure portal, go to the API permissions -> Add a permission -> Microsoft Graph
Click Application permissions, then scroll down and select the Directory → _Directory.Read.All_ permission.
Click Grant admin consent
Application ID: enter your Azure AD application id.
Client secret: enter your Azure AD client secret.
Tenant ID: enter your Azure AD tenant id.
Auto Password Change (days): number of days after which it is necessary to change the password from the domain account to users from the Security Key Auto Password Change group.
After saving the data, login parameters are not displayed in the settings.
If you use Linux and need the AD integration, join your Linux server to the AD
Be aware! As soon as you remove the AD administrator login and password from the settings, all AD sync scenarios will stop working.
With this instruction, you can add on server several domains at the same time. Each domain is managed separately.
Domain Settings – These credentials will be used to connect to Active Directory via LDAPS
Users default single sign-on settings - This setting will be used for all users synchronized from Active Directory. Later you can change this Single Sign-On setting for each user individually in user settings.
Workstation passwordless logon settings - Update Workstation Passwordless Logon Settings.
