Create and Edit Directory Credentials

A directory credential is required to query Active Directory (AD), LDAP, and Azure AD, and to add AD, LDAP, and Azure AD groups and users in BeyondInsight. Follow the steps below to create each type of directory credential.

Before you can create an Azure AD credential, you must first register and configure permissions for an application in the Azure AD tenant where the user credentials reside. For more information, please see Register and Configure an Application in Azure Active Directory.

  1. Navigate to Configuration > Role Based Access > Directory Credentials.

Screenshot of Create New Directory Credential button on the Directory Credentials page.

  2. Click Create New Directory Credential.

  3. Follow the steps in the section below that matches the type of directory credential you are creating.

Create an Active Directory Credential

Screenshot of the New Directory Credential window with Active Directory selected for the Directory Type

  1. Select Active Directory for the Directory Type.
  2. Provide a name for the credential.
  3. Enter the name of the domain where the directory and user credentials reside.
  4. Enable the Use SSL option to use a secure connection when accessing the directory.

If Use SSL is enabled, SSL authentication must also be enabled in the BeyondInsight configuration tool.

  5. Enter the credentials for the account that has permissions to query the directory.
  6. Enable the Use Group Resolution option to use this credential for resolving groups from the directory.

Only one credential can be set for group resolution per domain or server.

  7. Click Test Credential to ensure the credential can successfully authenticate with the domain or domain controller before saving the credential.
  8. Click Save Credential.

Create an LDAP Credential

Screenshot of the New Directory Credential window with LDAP selected for the Directory Type

  1. Select LDAP for the Directory Type.
  2. Provide a name for the credential.
  3. Enter the name of the LDAP server where the directory and user credentials reside.
  4. Enable the Use SSL option to use a secure connection when accessing the directory.

If Use SSL is enabled, SSL authentication must also be enabled in the BeyondInsight configuration tool.

  5. Enter the credentials for the account that has permissions to query the directory.
  6. Enable the Use Group Resolution option to use this credential for resolving groups from the directory.

Only one credential can be set for group resolution per LDAP server.

  7. Click Test Credential to ensure the credential can successfully authenticate with the LDAP server before saving the credential.
  8. Click Save Credential.
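
A pre-check for the Use SSL and account steps of the Active Directory and LDAP procedures above: it binds over LDAPS with the account you plan to store and reads the RootDSE. This is an added example, not BeyondInsight code; the script name, parameters, and host name are assumptions, and it relies on the .NET System.DirectoryServices.Protocols classes on Windows.

```powershell
# Test-DirectoryBind.ps1 (hypothetical name): added example, not part of BeyondInsight.
# Binds over LDAPS with the account you intend to store and reads the RootDSE.
param(
    [Parameter(Mandatory)] [string] $Server,            # placeholder, e.g. dc01.example.test
    [Parameter(Mandatory)] [pscredential] $Credential,  # supply via Get-Credential, never inline
    [int] $Port = 636,                                  # standard LDAPS port
    [switch] $SimpleBind                                # for LDAP servers that expect a Bind DN
)
Add-Type -AssemblyName System.DirectoryServices.Protocols

$id   = [System.DirectoryServices.Protocols.LdapDirectoryIdentifier]::new($Server, $Port)
$conn = [System.DirectoryServices.Protocols.LdapConnection]::new($id)
$conn.SessionOptions.ProtocolVersion   = 3
$conn.SessionOptions.SecureSocketLayer = $true   # TLS before any credential is sent
$conn.Timeout    = [TimeSpan]::FromSeconds(15)
$conn.Credential = $Credential.GetNetworkCredential()
# Negotiate (Kerberos/NTLM) suits AD. Basic sends the Bind DN and password as-is,
# so it is used here only inside the TLS session.
$conn.AuthType = [System.DirectoryServices.Protocols.AuthType]::Negotiate
if ($SimpleBind) { $conn.AuthType = [System.DirectoryServices.Protocols.AuthType]::Basic }
# No VerifyServerCertificate override is set, so the default Windows certificate
# validation applies and an untrusted server certificate fails the bind.

$ok = $false
try {
    $conn.Bind()
    # A base-scope RootDSE read shows the session can query, not only connect.
    $base = [System.DirectoryServices.Protocols.SearchScope]::Base
    $req  = [System.DirectoryServices.Protocols.SearchRequest]::new('', '(objectClass=*)', $base, [string[]]@('namingContexts'))
    $resp = $conn.SendRequest($req)
    $contexts = $resp.Entries[0].Attributes['namingContexts'].GetValues([string])
    "LDAPS bind to ${Server}:$Port succeeded as $($Credential.UserName)"
    $contexts | ForEach-Object { "  naming context: $_" }
    $ok = $true
}
catch {
    # PowerShell may wrap the .NET exception; walk down to the LdapException.
    $e = $_.Exception
    while ($e -and $e -isnot [System.DirectoryServices.Protocols.LdapException]) { $e = $e.InnerException }
    if (-not $e) { throw }
    # 49 = invalid credentials; 81 = server unavailable (typically also a failed TLS handshake).
    Write-Warning ("LDAP error {0}: {1} {2}" -f $e.ErrorCode, $e.Message, $e.ServerErrorMessage)
}
finally { $conn.Dispose() }
if (-not $ok) { exit 1 }
```

Run it as `.\Test-DirectoryBind.ps1 -Server dc01.example.test -Credential (Get-Credential)`, adding `-SimpleBind` for an LDAP server that expects a Bind DN.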

Create an Azure Active Directory Credential

Screenshot of the New Directory Credential window with Azure Active Directory selected for the Directory Type

  1. Select Azure Active Directory for the Directory Type.
  2. Provide a name for the credential.
  3. Paste the Client ID, Tenant ID, and Client Secret that you copied when registering the application in your Azure AD tenant.
  4. Enable the Use Group Resolution option to use this credential for resolving groups from the directory.

Only one credential is supported per Azure AD tenant.

  5. Click Test Credential to ensure the credential can successfully authenticate with the Azure AD tenant before saving the credential.
  6. Click Save Credential.

Edit a Directory Credential

  1. From the Directory Credentials grid, click the vertical ellipsis for the credential, and then select Edit.

Screenshot of Configuration > Role Based Access > Edit Directory Credential

  2. Make the changes required.

For AD or LDAP credentials, if you change the Domain or LDAP Server, enable or disable the Use SSL option, or update the Username or Bind DN, you must change the password. Click Change Password to display fields to enter and confirm the new password.

  3. Click Test Credential to ensure the edited credential can successfully authenticate with the domain or domain controller before saving the credential.
  4. Click Save Credential.

To use Azure Active Directory credentials for logging into BeyondInsight, the accounts must use SAML authentication. For more information on configuring Azure AD SAML with BeyondInsight, please see Configure Azure Active Directory SAML with BeyondInsight SAML.