This document describes how to set up AD (Active Directory) authentication in Identity Governance.
Identity Governance 14.x
These steps were performed using the Client Tool and the Identity Governance Portal.
1) We must import the Active Directory accounts into the Eurekify.cfg file.
Currently, it contains only the default users.
2) First, let’s connect and import Active Directory users
From Identity Governance Client Tool, menu > Import > Import from Active Directory
1 – Type the Active Directory IP or hostname
2 – Type the DOMAIN\Account used to connect to Active Directory
3 – Type the account’s password
4 – Click Set button
5 – Click Browse button and type the Configuration file name
6 – Click Browse button and type Users DB file name
7 – Click Browse button and type Resources DB file name
Click Next button
3) In the next window, select the OUs where the accounts are located or the root to search in all containers
Click Next
1 – Click + button to add a new field
2 – Select the new field
3 – Type LoginID in “Configuration’s Entity Field Name” field and click Set Field button
Click Next button
5) In the next window, you can set up the Roles
Click Next
6) In the next window set up the Resources
Click Next button
7) In the new window, type the name of the XML file that holds the configuration you just entered. Click the Finish button.
9) In the Identity Governance Client Tool, open the CFG file you saved at step #2
Check if all accounts were imported and make sure the column LoginID was created
10) Let’s save the Master and Model to the Database for this configuration
1 – Menu > File > Save to Database
2 – Select New Configuration and type the Master name, click Next
3 – Repeat steps #1 and #2, but now type your configuration name _Model
11) Now let’s create a new Universe using the Master / Model created above.
Home > Administration > Universes > Add New button
At this point make sure the Users Login Field was set to LoginID, the attribute created in step #4
Click Save button
In the next window, click the Yes button
12) Let’s run the Permissions and RACI
Home > Administration > Permissions and RACI
Select Update Permissions Configuration with Universe Users
In the list box, select your Universe, created in step #11, and click the Select button
13) Now let’s configure your Domain as the Prefix, which will be added in front of all users
In the Users To Fix section, select PersonId and type your Domain + \ as displayed below
DO NOT FORGET to add the backslash
If you want, you can view all users that will be fixed by clicking the View button.
After reviewing, click “Fix Selected Users” or “Fix All Users”
In the “New users” section, click the View button and check that all users in the Person ID column have the Domain\UserName format; after that, click the “Add All Users” button
Run the Create RACI for your Universe
Run the Synchronize RACI
14) Open the Identity Governance Client Tool and open the Eurekify.cfg file; now all users have been imported and the PersonID values have been updated with the Prefix (Domain)
15) With this configuration done, we can enable AD Authentication. Below are the properties you need to change to enable it.
Set the following properties through the Identity Governance Portal under Administration => Settings => Properties Settings:
You MUST have a Login ID field in the UDB with the domain name (example: domain\chrislee)
When logging in, the user MUST provide the Login ID (example: domain\chrislee)
Note: For all properties above, change the Property Value and after that change the Type to Database Property as displayed below, and click the Save button.
Now, log out and log in with your Active Directory user using Domain\User
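
A pre-flight check for steps 13 to 15, as an added example that is not part of the original document or the product: it audits a list of Login IDs for values that are not in Domain\User form before AD authentication is switched on. The one-column CSV layout, the CORP domain and the function names are assumptions made for this example.

```python
import csv
import io

# Constructed sample: a one-column CSV of Login IDs. The CSV layout and the
# CORP domain are assumptions for this example, not a product export format.
SAMPLE_EXPORT = r"""LoginID
CORP\chrislee
CORP/anna
bob
CORP\CORP\dave
erin@corp.example
OTHER\frank
corp\ChrisLee
"""

def classify_login_id(value, domain):
    """Return 'ok', or the reason the value lacks a valid domain prefix."""
    if "\\" not in value:
        if "/" in value:
            return "forward slash instead of backslash"
        if "@" in value:
            return "UPN form (user@domain)"
        return "missing domain prefix or backslash"
    prefix, _, user = value.partition("\\")
    # Assumption: the domain part is compared case-insensitively, as AD does.
    if prefix.lower() != domain.lower():
        return "unexpected domain"
    if "\\" in user:
        return "more than one backslash (prefix applied twice?)"
    return "ok" if user else "empty user name"

def audit_login_ids(csv_text, domain, column="LoginID"):
    """Return (row_number, value, reason) for each Login ID that needs fixing."""
    findings, seen = [], {}
    for row_no, row in enumerate(csv.DictReader(io.StringIO(csv_text)), start=2):
        value = row.get(column) or ""
        reason = classify_login_id(value, domain)
        if reason == "ok" and value.lower() in seen:
            reason = f"duplicate of row {seen[value.lower()]}"
        if reason == "ok":
            seen[value.lower()] = row_no
        else:
            findings.append((row_no, value, reason))
    return findings

if __name__ == "__main__":
    for row_no, value, reason in audit_login_ids(SAMPLE_EXPORT, "CORP"):
        print(f"row {row_no}: {value!r}: {reason}")
```

Any row it reports is an account to correct in the Users To Fix section before the authentication properties are changed.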