
LDAP / Active Directory

Overview

OpenAsset supports LDAP/Active Directory integration. To manage LDAP/Active Directory in OpenAsset, go to "Manage", then "Setting", and then click on the LDAP/Active Directory link under "Security."
 

 

 

LDAP / Active Directory

OpenAsset can integrate seamlessly with Active Directory (AD) to perform the following tasks:
  • Authenticate passwords
  • Automatically detect new users and create access privileges for OpenAsset
  • Find users in an unlimited number of AD folders
  • Log users straight in with single sign-on
 
If OpenAsset is set up to talk to Active Directory, your users will need to enter their normal Windows passwords. These will stay in sync when users are forced to change them.
 
OpenAsset supports any LDAPv3-compliant directory server, which includes AD for Server 2000 & 2003. AD integration only takes minutes to set up through a web interface.
 
The following information about each of your AD domains is summarised:
  • Domain – AD domain
  • Address – AD IP address
  • Status
  • Enabled

 

Edit Domain

Select "LDAP / Active Directory" from the security menu. To edit a domain, click "Edit".
 
The following items can be edited:
  • Name – Locked
  • Primary server address:port (optional)
  • Secondary address:port (optional)
  • Base path
  • Management account
  • Password
  • Username field
  • Full name field
  • Use TLS encryption
  • Email field
  • Enabled
 
 
Click "Save Changes" to save your changes.
 

Add New Container

Containers can be very useful if your company has more than one branding style. Containers can be used to set up "themes", "templates" and other preferences for different branding needs within one company. For example, if you have offices in more than one country, the branding may be different for each office.

To add a new container to the AD domain, click "Add New Container". Enter the name of the new container and click 'save' to save your changes. This will take you to the next screen, where you can make any changes needed. At this stage you can ask OpenAsset to look in any sub-containers by ticking the "Include Sub-containers" box.

Click "Save Changes".

 

Edit Container

To edit a container click 'edit'. The following items can be edited:

  • Path
  • Filter
  • Include sub containers
 
It is not usually necessary to set the default groups according to LDAP / Active Directory containers; it is often sufficient to set the global default groups.
 

LDAP Container Search Order

The “display order” field for an LDAP / Active Directory container allows you to control the order in which containers are searched when locating a user account.
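The container settings above (Path, Include sub containers, display order) modelled as an added example; this is not OpenAsset code. It assumes lower display order values are searched first, that the first container holding the username wins, and that "Include sub containers" behaves like LDAP subtree scope versus one-level scope. The Filter setting is not modelled, and all names and the sample directory are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Container:
    path: str            # container DN (the "Path" setting)
    include_sub: bool    # the "Include sub containers" setting
    display_order: int   # lower values are searched first (assumption)

def rdns(dn):
    # Naive split: the constructed sample DNs contain no escaped commas.
    return [part.strip().lower() for part in dn.split(",")]

def in_scope(entry_dn, container):
    entry, base = rdns(entry_dn), rdns(container.path)
    depth = len(entry) - len(base)
    if depth < 1 or entry[depth:] != base:
        return False
    # Without sub-containers only direct children match (one-level scope).
    return container.include_sub or depth == 1

def matches(username, container, directory, field):
    return [dn for dn, attrs in directory.items()
            if in_scope(dn, container)
            and attrs.get(field, "").lower() == username.lower()]

def locate_user(username, containers, directory, field="sAMAccountName"):
    """Return the DN from the first container, by display order, holding the user."""
    for container in sorted(containers, key=lambda c: c.display_order):
        found = matches(username, container, directory, field)
        if found:
            return sorted(found)[0]
    return None

def shadowed_users(containers, directory, field="sAMAccountName"):
    """Usernames found at more than one DN: search order decides which one logs in."""
    names = {attrs[field].lower() for attrs in directory.values() if field in attrs}
    report = {}
    for name in sorted(names):
        hits = sorted({dn for c in containers for dn in matches(name, c, directory, field)})
        if len(hits) > 1:
            report[name] = hits
    return report

# Constructed sample directory (not real accounts).
DIRECTORY = {
    "CN=Jo Smith,OU=Staff,OU=London,DC=example,DC=com": {"sAMAccountName": "jsmith"},
    "CN=J Smith,OU=Contractors,DC=example,DC=com": {"sAMAccountName": "jsmith"},
    "CN=Ann Lee,OU=London,DC=example,DC=com": {"sAMAccountName": "alee"},
}
FLAT = [Container("OU=London,DC=example,DC=com", False, 1),
        Container("OU=Contractors,DC=example,DC=com", False, 2)]
DEEP = [Container("OU=London,DC=example,DC=com", True, 1), FLAT[1]]
```

With `FLAT`, the username `jsmith` resolves to the Contractors account; ticking "Include sub containers" on the London container (`DEEP`) makes the same username resolve to the London staff account instead, which `shadowed_users` reports as a duplicate to review.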
 

Multiple LDAP Domains

If you have more than one LDAP / Active Directory domain please contact support for guidance on configuration.

 

OpenAsset Cloud SSO Set-Up

Azure Cloud Set-Up

In order to set up Single Sign-On with Microsoft Azure Active Directory, you will need to have your on-premise Active Directory users synced with Azure. A subscription to Office365 provides you with an Azure AD cloud instance that you can use to administer your user accounts. You can also use the tool below to synchronise your on-premise AD accounts to your Azure cloud instance: https://azure.microsoft.com/en-gb/documentation/articles/active-directory-aadconnect/#install-azure-ad-connect

 

NOTE: If your on-premise domain uses a non-routable domain (such as a .local domain), you'll need to convert this to a verified domain (like billa@contoso.com) in order to sync properly with Azure Active Directory (Office365).

 

 

Once you have your accounts in Azure AD, you can then use these accounts to log into OpenAsset Cloud using the OAuth 2.0 SSO integration.

 

  1. Log into https://portal.azure.com

  2. On the left hand menu select 'More Services' then select 'Azure Active Directory'

 

 

  3. Now select 'App Registrations'

 

 

  4. Click 'Add' to create a new app called OpenAsset. Set the Application Type to 'Web app/API' and enter the sign on URL as https://company.openasset.com/OAuth [replace company with how your company name appears in your OpenAsset domain name]

 

 

The app OpenAsset will be created. Make a note of the Application ID:

 

 

  5. Next, click on Keys and enter a new Key Description, i.e. OpenAsset. Then enter an expiry date of 2 years.

 

 

When you click Save, the Key Value will be displayed. MAKE A NOTE OF THIS VALUE AS IT WILL NOT BE DISPLAYED AGAIN ONCE YOU NAVIGATE AWAY.

 

Once you have made a note of the key value and expiry date go back to App Registrations and click on Endpoints:

 

 

You want to make note of the following bits of information:

  • Azure AD Graph API Endpoint
  • OAuth 2.0 Token Endpoint
  • OAuth 2.0 Authorization Endpoint

 

The setup on the Azure side is now complete and you should have 5 bits of information:

  • Azure AD Graph API Endpoint
  • OAuth 2.0 Token Endpoint
  • OAuth 2.0 Authorization Endpoint
  • The Application ID
  • Key Value and Expiry Date

 

Send these 5 bits of information back to OpenAsset (support@openasset.com) and we can then set up the connection to Azure on the OpenAsset side.

 

Once this is set up, your Support Engineer will be in contact to talk you through the process of signing on.

 

Last modified
20:22, 20 Sep 2017
