AD Internal Hybrid
AD Internal Hybrid
Watch the videoAD/Internal User Source
The Active Directory/Internal Hybrid authentication profile type combines the Internal User Source type with the Active Directory User Source type. Active Directory is used to find all of the users, and to check their credentials when they attempt to log in. However, it allows assigning of roles, contact info, and other meta-information about a user through Ignition, then stores all this information as if it were an Internal User Source. This way, Active Directory can be consulted to see if a username/password is valid, but the management of roles does not require coordination with your IT Department, who typically controls the Active Directory system. This "best of both worlds" approach is popular for many users of Active Directory.
The AD/Internal Hybrid User Source is partially manageable in Ignition. Users cannot be added or removed, and their usernames and passwords cannot be changed. This is because this information resides in Active Directory, not within Ignition. Other information, such as user roles, contact info, schedules, are manageable in Ignition.
Before you can use the User Management component to manage roles, contact info, etc., you first have to go into Gateway Settings, and mark the checkbox to Allow User Admin. This allows for the administration of the Gateway's system user source from the Designer and the Client. Unless this is enabled, the Vision Module's User Management component is prevented from modifying the Gateway system's user source.
Property Reference
This User Source shares many properties with the AD User Source. Please see the Active Directory Authentication page for a list of properties.
Creating an AD/Internal Hybrid User Source
To set up an AD/Internal Hybrid User Source, you must specify the host that is acting as your primary domain controller. You can also use a secondary domain controller in case the primary is unavailable. You'll also need to specify the name of the domain and credentials for the Gateway itself to use for authentication for when it queries the list of roles.
When using AD/Internal Hybrid User Source, you may need to consult with your internal IT Department to get the required information to complete your user source setup.
- On the Gateway webpage, under the Configure section, go to Security > Users, Roles.
The User Sources page will be displayed. Click the blue arrow, Create new User Source. - Choose the AD/Internal Hybrid authentication type, and click Next.
- The New User Source window will open. Some properties are optional depending on how you setup your profile.