Create and Edit Directory Credentials

A directory credential is required for querying Active Directory (AD), Azure AD, and LDAP. It is also required for adding AD, Azure AD, and LDAP groups and users in BeyondInsight. Follow the steps below for creating each type of directory credential.

Before you can create an Entra ID credential, you must first register and configure permissions for an application in the Entra ID tenant where the user credentials reside. For more information, please see Register and Configure an Application in Entra ID.

Before you can create an Azure AD credential, you must first register and configure permissions for an application in the Azure AD tenant where the user credentials reside. For more information, please see Register and Configure an Application in Azure Active Directory.

To create a directory credential in BeyondInsight:

  1. Navigate to Configuration > Role Based Access > Directory Credentials.
  2. Click Create New Directory Credential.
  3. Follow the steps in the applicable section below, based on the type of directory credential you are creating.

Create an Active Directory Credential

New Directory Credential form with Active Directory selected for the Directory Type.

  1. Select Active Directory for the Directory Type.
  2. Provide a name for the credential.
  3. Enter the name of the domain where the directory and user credentials reside.
  4. Enable the Use SSL option to use a secure connection when accessing the directory.

If Use SSL is enabled, SSL authentication must also be enabled in the BeyondInsight configuration tool.

  5. Enter the credentials for the account that has permissions to query the directory.
  6. Enable the Use Group Resolution option to use this credential for resolving groups from the directory.

Only one credential can be set for group resolution per domain or server.

  7. Click Test Credential to ensure the credential can successfully authenticate with the domain or domain controller before saving the credential.
  8. Click Create Credential.

Create an LDAP Credential

New Directory Credential window with LDAP selected for the Directory Type

  1. Select LDAP for the Directory Type.
  2. Provide a name for the credential.
  3. Enter the name of the LDAP server where the directory and user credentials reside.
  4. Enable the Use SSL option to use a secure connection when accessing the directory.

If Use SSL is enabled, SSL authentication must also be enabled in the BeyondInsight configuration tool.

  5. Enter the credentials for the account that has permissions to query the directory.
  6. Enable the Use Group Resolution option to use this credential for resolving groups from the directory.

Only one credential can be set for group resolution per LDAP server.

  7. Click Test Credential to ensure the credential can successfully authenticate with the domain or domain controller before saving the credential.
  8. Click Create Credential.

Create an Entra ID Credential

New Directory Credential window with Azure Active Directory selected for the Directory Type

  1. Select Entra ID for the Directory Type.
  2. Provide a name for the credential.
  3. Paste the Client ID, Tenant ID, and Client Secret that you copied when registering the application in your Azure AD tenant.
  4. Enable the Use Group Resolution option to use this credential for resolving groups from the directory.

Only one credential is supported per Azure AD tenant.

  5. Click Test Credential to ensure the credential can successfully authenticate with the domain or domain controller before saving the credential.
  6. Click Save Credential.

Edit a Directory Credential

  1. From the Directory Credentials grid, click the vertical ellipsis for the credential, and then select Edit.

Edit Directory Credential

  2. Make the changes required.

For AD or LDAP credentials, if you change the Domain or LDAP Server, enable or disable the Use SSL option, or update the Username or Bind DN, you must change the password. Click Change Password to display fields to enter and confirm the new password.

  3. Click Test Credential to ensure the edited credential can successfully authenticate with the domain or domain controller before saving the credential.
  4. Click Save Credential.

To use Azure Active Directory credentials for logging into BeyondInsight, the accounts must use SAML authentication. For more information on configuring Azure AD SAML with BeyondInsight, please see Configure Azure Active Directory SAML with BeyondInsight SAML.