Active Directory Integration with AuthNull

Introduction

Active Directory (AD) is a Microsoft technology used to manage computers and other devices on a network. Integrating Active Directory with AuthNull allows organizations to use AD credentials for endpoint authentication. When a user is onboarded into the AuthNull platform, they are automatically provided with a Decentralized Identifier (DID), and an Active Directory Verifiable Credential (AD VC) is sent to their wallet.


How Active Directory Integration Works

The AuthNull Active Directory Agent acts as a secure connector between AuthNull and your Active Directory domain. This bridge gives AuthNull user import and delegated authentication capabilities, enhancing access management as part of your privileged access management strategy.

Prerequisites

  • An active AuthNull administrator account.
  • Access to your Active Directory domain with appropriate permissions.

Registration and Configuration

  1. Navigating to Active Directory Integration: Log in to the AuthNull dashboard using your administrator credentials and navigate to the ‘Directory’ section. Then, select ‘Active Directory’.
  2. Registering the Active Directory Agent: Look for the ‘Add Directory’ option in the top right and click to initiate the registration process.
  3. Entering Domain Details: Provide your Active Directory domain name and server address.
  4. Configuring Synchronization Settings: Obtain the configuration settings (a config file).
  5. Downloading and Running the PowerShell Script: Download the PowerShell script and execute it on a machine close to the Active Directory domain controller, so that the agent can synchronize the users and groups from Active Directory.
  6. Validating Active Directory Users: Validate the Active Directory users by checking the users list in the “Directory” tab of AuthNull.

The Active Directory agent does the following:

  • Discovers all privileged accounts.
  • Discovers all policies based on privileged accounts.
  • Discovers all authentication activity that is taking place.
  • Enables password rotation for credentials based on the password policy.
  • Enables password rotation for users who are checked out, on a per-policy basis.

Authenticating into an Endpoint

When users attempt to log into the endpoint using their AD username, the wallet shares the AD VC for authentication. Users can:

  • Accept the “Share credential” request from their wallet to authenticate.
  • Decline to reject the authentication request.

