Creating an AD/Database Hybrid User Source
- On the Gateway Webpage, under the Config tab, go to Security > Users, Roles.
- The User Sources page will be displayed. Click the blue arrow, Create new User Source.
- Choose the AD/Database Hybrid authentication type, and click Next.
May need to contact your internal IT Department for..
When using AD/Database Hybrid User Source, you may need to consult with your internal IT Department to get the required information to complete your user source setup.
The New User Source window will open. Some properties are optional depending on how you set up your profile. Details on the Main Properties can be found on the User Sources page. The Active Directory Properties and Database properties are listed in the tables below.
- Click Create New User Source to save the new user source.
Active Directory Properties

| Property | Description |
|---|---|
| Domain | The Windows Domain your Active Directory server is running on. If you aren't sure of your domain, ask your network administrator. Leave blank to set advanced properties manually. |
| Primary Domain Controller Host | The IP address or hostname of your primary domain controller. Example: "192.168.1.4" or "MainServer" |
| Primary Domain Controller Port | The port number for the primary domain controller's LDAP interface. |
| List Users from Active Directory | If true, Active Directory will be queried for the list of all users. If false, users must be added manually. (Default is true.) |
| Gateway Username | The login name for the Gateway to use when querying Active Directory. Used for retrieving the list of users and roles via LDAP. |
| Password | The password for the above username. |
| Password | Re-type password for verification. |
| | Whether or not to use Single-Sign-On (SSO) to authenticate AD users. Note that projects must also have this option enabled for SSO to work. (Default is false.) |
| SSO Domain | The domain that Windows users must match in order to use SSO. If blank, the main "Domain" property will be used. |
Database Properties

| Property | Description |
|---|---|
| | Dropdown list. Choose the database connection this authentication profile will use. |
| User Properties Query | A query that returns the basic properties for a single user. Supported return columns are [username, firstname, lastname, schedule, language, notes]. |
| Role List Query | A query that returns all possible roles that any user could have. The role names must be returned in the first column of the query's results. |
| User's Roles Query | A query that returns all of the roles that the provided user belongs to. The roles must be strings (i.e., the role names), and must be in the first column of the query's results. The username will be inserted into this query as a parameter. |
| Contact Info Query | A query that returns all of the contact info for the user. The first column must be the contact type, the second column the contact value, and the third column the name of a schedule. Optional, may be blank. |
| Schedule Adjustment Query | A query that returns the upcoming schedule adjustments for the user. Columns must be Start(date), End(date), Available(boolean), Note(string). Optional, may be blank. |
| Extra Properties Query | A query that returns name, value pairs of extra properties for the user. Will be run with one parameter: the username. Optional, may be blank. |
| List Users Query | A query that returns a row containing each username. Only used if "List Users from Active Directory" is false. There must be at least one column: the username. Other columns are optional; supported columns are: [username, firstname, lastname, schedule, language, notes]. |
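The database-side queries above are easiest to get right when you can run them against a sample schema and check that the returned columns match what the user source expects. The following is an added example, not code from the Ignition documentation: it builds a constructed SQLite schema (the table and column names `users`, `roles`, `user_roles` and `contact_info` are assumptions, not anything Ignition prescribes), defines each query in the form it would be pasted into the fields above, and runs them. The `?` placeholder stands for the single username parameter the page says is inserted into the User's Roles, Contact Info and Extra Properties queries; binding it as a parameter rather than concatenating it into the SQL is what keeps a hostile username from changing the query's meaning, and the helper functions also reject any return column outside the supported list.

```python
import sqlite3

# Return columns the user source accepts for user rows (from the page's tables).
SUPPORTED_USER_COLUMNS = {"username", "firstname", "lastname", "schedule", "language", "notes"}

# Constructed sample schema and data; names are assumptions for this example only.
SCHEMA = """
CREATE TABLE users (
    username  TEXT PRIMARY KEY,
    firstname TEXT, lastname TEXT, schedule TEXT, language TEXT, notes TEXT
);
CREATE TABLE roles (role_name TEXT PRIMARY KEY);
CREATE TABLE user_roles (username TEXT, role_name TEXT);
CREATE TABLE contact_info (username TEXT, contact_type TEXT, contact_value TEXT, schedule TEXT);

INSERT INTO users VALUES ('alice', 'Alice', 'Adams', 'Always', 'en', NULL);
INSERT INTO users VALUES ('bob',   'Bob',   'Baker', 'Always', 'en', 'contractor');
INSERT INTO roles VALUES ('Administrator'), ('Operator'), ('Viewer');
INSERT INTO user_roles VALUES ('alice', 'Administrator'), ('alice', 'Operator'), ('bob', 'Viewer');
INSERT INTO contact_info VALUES ('alice', 'email', 'alice@example.invalid', 'Always');
"""

# The queries as they would be pasted into the user source fields. The single "?"
# is the username parameter (JDBC-style placeholder, assumed here); it is bound,
# never spliced into the SQL text.
USER_PROPERTIES_QUERY = ("SELECT username, firstname, lastname, schedule, language, notes "
                         "FROM users WHERE username = ?")
ROLE_LIST_QUERY = "SELECT role_name FROM roles ORDER BY role_name"
USER_ROLES_QUERY = "SELECT role_name FROM user_roles WHERE username = ? ORDER BY role_name"
CONTACT_INFO_QUERY = "SELECT contact_type, contact_value, schedule FROM contact_info WHERE username = ?"
LIST_USERS_QUERY = "SELECT username, firstname, lastname FROM users ORDER BY username"


def open_sample_db():
    """Create an in-memory database loaded with the constructed sample data."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def _columns(cursor):
    return [d[0] for d in cursor.description]


def _check_user_columns(cols):
    # Mirrors the page's rule: only the listed columns are supported, username first.
    unsupported = set(cols) - SUPPORTED_USER_COLUMNS
    if unsupported or cols[0] != "username":
        raise ValueError(f"bad return columns: {cols}")


def user_properties(conn, username):
    """User Properties Query: one row of basic properties, or None if no such user."""
    cur = conn.execute(USER_PROPERTIES_QUERY, (username,))
    cols = _columns(cur)
    _check_user_columns(cols)
    row = cur.fetchone()
    return dict(zip(cols, row)) if row else None


def role_list(conn):
    """Role List Query: every role any user could hold, taken from the first column."""
    return [r[0] for r in conn.execute(ROLE_LIST_QUERY)]


def user_roles(conn, username):
    """User's Roles Query: role names for one user, username bound as a parameter."""
    return [r[0] for r in conn.execute(USER_ROLES_QUERY, (username,))]


def contact_info(conn, username):
    """Contact Info Query: (contact type, contact value, schedule name) triples."""
    return [tuple(r) for r in conn.execute(CONTACT_INFO_QUERY, (username,))]


def list_users(conn):
    """List Users Query: one row per user, username in the first column."""
    cur = conn.execute(LIST_USERS_QUERY)
    cols = _columns(cur)
    _check_user_columns(cols)
    return [dict(zip(cols, r)) for r in cur]


if __name__ == "__main__":
    db = open_sample_db()
    print(user_properties(db, "alice"))
    print(role_list(db))
    print(user_roles(db, "alice"))
    # With parameter binding a crafted username is just a name that does not
    # exist, so it yields no roles instead of every role.
    print(user_roles(db, "alice' OR '1'='1"))
```

Running the file prints Alice's property row, the three roles, her two role memberships and an empty list for the crafted username. The same pattern transfers to the Schedule Adjustment and Extra Properties queries, which differ only in the columns they return.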
| Property | Description |
|---|---|
| | An ordered list of space-separated mechanism names. The LDAP provider will use the first mechanism for which it finds an implementation. A blank value will leave this setting unspecified. (Default is |
| Realm | A realm defines the namespace from which the user is selected. A blank value will leave this setting unspecified. This setting will only be used by mechanisms which support it. (Default is blank.) |
| Quality of Protection | A comma-separated list of Quality-of-Protection (QoP) values, the order of which specifies the preference order. There are three well-known values: "auth" (authentication only), "auth-int" (authentication with integrity protection), and "auth-conf" (authentication with integrity and privacy protection). A blank value will leave this setting unspecified. This setting will only be used by mechanisms which support it. (Default is |
| Protection Strength | A comma-separated list of privacy protection strength values, the order of which specifies the preference order. The three possible strength values are "low", "medium", and "high". A blank value will leave this setting unspecified. This setting will only be used by mechanisms which support it. (Default is |
| Mutual Authentication | Enable or disable mutual authentication. This setting will only be used by mechanisms which support it. (Default is disabled.) |