Connect Aternity to your Active Directory

You can connect Aternity to your Microsoft Active Directory (AD), so that usernames defined in the AD can also be defined as Aternity users. Their usernames and passwords are managed in the AD only. You can also easily add an entire LDAP group as Aternity users, and assign a set of roles to all members of the group, to save you from manually managing each user separately.

Important

The users in this list are allowed to sign in to view Aternity. This is NOT the list of monitored usernames and device details, which is obtained by the Aternity Agent running directly on the monitored device.

When you connect Aternity to your LDAP directory, a user can log in by selecting the name of the LDAP directory in the Domain field of the login screen, and then entering their regular enterprise username and password.

Connect the enterprise LDAP directory to use network usernames and passwords

You can connect to more than one LDAP directory, or more than one search base within the same LDAP directory.

Procedure

  1. Open a browser and log in to Aternity.
  2. Select the Gear Icon > Settings > Enterprise Environment Integration > Directory Service.
    Access the settings to connect to your enterprise LDAP directory
  3. Enter the connection information to access the enterprise LDAP directory server.
    Configure settings to connect to the LDAP directory server
    | Field | Description |
    |---|---|
    | Name | Enter the display name of the LDAP directory, as it should appear in the login screen of the system. |
    | URL | Enter the address to connect to the LDAP directory server using a URL format (including the ldap:// protocol). |
    | Search Base | Enter the part of the LDAP database tree which you want to expose to Aternity. For example, you can restrict to a domain within the tree: ou=name, dc=<domain_name>,dc=com. |
    | Server Requires Authentication | Select if access to the LDAP database requires credentials. |
    | User name | Enter the username required by the LDAP server to access the LDAP database. |
    | Password | Enter the password required by the LDAP server to access the LDAP database. |
    | Authorize indirect group members | Select to allow adding an entire LDAP group of users to have access to Aternity with their network usernames and passwords. You can associate that group with a set of privileges. Without this setting, you can only add individual LDAP users to log in with their network usernames and passwords. |
    | User name attribute | Enter the LDAP field name which represents the login username. |
    | First name attribute | Enter the LDAP field name which represents a user's first name. This is only used to display the user entry in the list of Aternity users. |
    | Last name attribute | Enter the LDAP field name which represents a user's last name. This is only used to display the user entry in the list of Aternity users. |
    | Department attribute | Enter the LDAP field name which represents a user's department in your organization. This is only used to display the user entry in the list of Aternity users. |
    | Description attribute | Enter the LDAP field name which represents the description field of a user. This is only used to display the user entry in the list of Aternity users. |

  4. Select Test Configuration to verify that Aternity can access the LDAP directory with the entered address, credentials, and search base.
  5. Select Apply.
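
The values for step 3 can be checked offline before you enter them. The following Python check is an added example, not part of Aternity or its documentation: it flags an unprotected bind, a search base left at the domain root or still holding the documentation placeholder, and malformed attribute names. `lint_directory_settings` and the sample values are hypothetical, and accepting `ldaps://` is an assumption because this page only mentions `ldap://`.

```python
import re
from urllib.parse import urlsplit

# Added example, not Aternity code. Keys mirror the form's field names.
# Assumption: ldaps:// is accepted; this page itself only mentions ldap://.
ATTR_NAME = re.compile(r"^[A-Za-z][A-Za-z0-9-]*$")  # LDAP attribute descriptor
ATTR_FIELDS = ("User name attribute", "First name attribute", "Last name attribute",
               "Department attribute", "Description attribute")

def _valid_rdn(rdn):
    """True for one well-formed 'attr=value' component of a DN."""
    attr, sep, value = rdn.partition("=")
    return bool(sep and value.strip() and ATTR_NAME.match(attr.strip()))

def lint_directory_settings(s):
    """Return (severity, field, message) findings for the form values in s."""
    out = []
    url = urlsplit(s.get("URL", ""))
    auth = s.get("Server Requires Authentication")
    if url.scheme not in ("ldap", "ldaps") or not url.hostname:
        out.append(("error", "URL", "expected ldap://host[:port] or ldaps://host[:port]"))
    elif url.scheme == "ldap" and auth:
        out.append(("warn", "URL", "a simple bind over plain ldap:// sends the "
                    "password unencrypted; confirm the link is protected"))
    base = s.get("Search Base", "")
    rdns = [p.strip() for p in re.split(r"(?<!\\),", base)]  # keep escaped commas
    if "<" in base or ">" in base:
        out.append(("error", "Search Base", "documentation placeholder left in DN"))
    elif not all(_valid_rdn(r) for r in rdns):
        out.append(("error", "Search Base", "not a valid distinguished name"))
    elif all(r.lower().startswith("dc=") for r in rdns):
        out.append(("warn", "Search Base", "domain root exposes the whole tree; "
                    "restrict it to the OU that holds the intended users"))
    if auth and not s.get("User name"):
        out.append(("error", "User name", "authentication selected, no bind user"))
    out += [("error", f, "not a valid LDAP attribute name")
            for f in ATTR_FIELDS if not ATTR_NAME.match(s.get(f, ""))]
    return out

# Constructed sample values; the attribute names are common Active Directory ones.
GOOD = {"URL": "ldaps://dc01.example.com:636", "Server Requires Authentication": True,
        "User name": "svc-aternity-ro", "Search Base": "ou=Aternity Admins,dc=example,dc=com",
        "User name attribute": "sAMAccountName", "First name attribute": "givenName",
        "Last name attribute": "sn", "Department attribute": "department",
        "Description attribute": "description"}
WEAK = dict(GOOD, **{"URL": "ldap://dc01.example.com:389", "User name": "",
                     "Search Base": "dc=example,dc=com",
                     "Description attribute": "user description"})
```

Calling `lint_directory_settings(WEAK)` returns four findings and `lint_directory_settings(GOOD)` returns none; Test Configuration in step 4 remains the check that the server actually accepts the values.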