Active Directory Validation
Created by Orckestra
Active Directory Validation User Guide
- Introduction
- Creating a CMS Console Admin for an Active Directory user
- Installing the add-on
- Setting Basic Authentication in IIS
- Logging in to the CMS Console with AD credentials
- Matching Active Directory and CMS Console users
- Using a Trial Version
Creating a CMS Console Admin for an Active Directory user
For the Active Directory user validation to work instead of the standard CMS Console validation, you should match Active Directory users and CMS Console users.
To match them, you need to have the users with the same usernames in both Active Directory and the CMS Console. You can either create an Active Directory user to represent the existing CMS Console user, or create a CMS Console user to represent an Active Directory user. The former is a less common scenario so this guide will focus on the latter scenario.
After implementing Active Directory user validation for the CMS Console, the standard admin account will most likely stop working (unless you have the AD account with the same user name)
To be able to administrate the CMS Console, you should have at least one CMS Console user with the administrative permissions that has the same username as an existing AD user.
You should make sure that such a user exists in the CMS Console before installing the Active Directory Validation add-on.
- In the System perspective, make sure that the "Administrator" group exists.
Figure 2: The Administrator group
- Otherwise, create a user group with at least:
- the "Administrate" and “Configure” global permissions enabled and
- access to the “System” perspective
Figure 3: The user group with administrative permissions
- In the “System” perspective, add a user:
- Name: specify the username of an existing Active Directory user.
- Password: specify any password.
- Fill out other fields as needed and click OK.
Figure 4: Creating an administrator in the CMS Console
- Assign this user the Administrators group on the Permission tab.
Figure 5: Assigning the administrator group to the user
Important: You should specify the AD username without the domain prefix. For example, if the AD user is 'contoso\cms-admin', create a user named 'cms-admin'.
Note: You can specify any password as it will be ignored and not be used with the Windows authentication.
Later you can create other CMS Console users to match other AD users.