This option is used to generate certificates for Active Directory users. Once configured, an automatic process keeps ADSS Server synchronized with Active Directory. When a new user is added to Active Directory, ADSS Server automatically generates a key pair and issues a certificate for the user. If a user is deleted from Active Directory, the status of their certificate is changed to revoked with an unspecified reason.

Clicking on Directory Integration shows a list of the currently configured Active Directories:

Options are also available to sort the table by different criteria, in ascending or descending order.

To configure a new Active Directory, click the New button and the following screen is shown:

Enter all of the required details and then click Save. The configuration items are as follows:

| Items | Description |
|---|---|
| Status | A profile can be marked Active or Inactive. An inactive profile will be ignored. |
| Domain Name | Provide the domain information of the Active Directory so that ADSS Server can establish the connection. The domain name should be entered as My_Test.Local if the domain name is: DN=My_Test,DN=Local. |
| Domain Description | This can be used to describe the domain in more detail, e.g. the department for which this directory is configured. |
| Machine Name | The name or IP address of the system where Active Directory is deployed. |
| Use TLS | Enable this option to establish the connection between the Active Directory and ADSS Server over TLS with server authentication. |
| Port | Set the communication port for Active Directory. The default port is 389 for HTTP and 636 for HTTPS. Enter the correct port number for the Active Directory being configured. |
| Directory Administrator | Enter the username of the Active Directory administrator, so that ADSS Server can log in and get the user data. |
| Password | Provide the password for the Active Directory administrator. |
| Synchronize after every | This field shows the certification service URL of a DVCA that will be sent to domestic SPOC in each request. If the domestic SPOC is operating in asynchronous mode where requests are approved after proper vetting, it would provide the requested certificate(s) on this URL after approval of the admin. |
| Connection Timeout | Specify the Active Directory connection timeout in seconds. |
| Number of Retries | Specify the number of connection retries. |
| Client ID | Specify the Client ID to be used with ADSS Server. |
| Certification Profile | Specify the Certification Profile to be used to generate the certificate for the Active Directory users. Note: If a Certification Profile configured with an HSM is selected, the required certificates will not be generated for Active Directory users. |


Active Directory users holding these certificates MUST provide their domain user password in the request to the Signing Service for document signing.
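
A pre-save review of the configuration items above, as an added example that is not part of ADSS Server or its documentation: it flags combinations of the Use TLS, Port, Machine Name, Domain Name and Certification Profile settings that the table warns about or that leave the directory connection unprotected. The dictionary keys and the `review_profile` and `dotted_domain` names are hypothetical, the sample profile is constructed, and 389 and 636 are the standard LDAP and LDAP-over-TLS ports.

```python
import ipaddress
import re

LDAP_PORT, LDAPS_PORT = 389, 636  # standard LDAP and LDAP-over-TLS ports

def dotted_domain(value):
    """'DC=My_Test,DC=Local' (or the page's 'DN=' spelling) -> 'My_Test.Local'."""
    parts = re.findall(r"\b(?:DC|DN)\s*=\s*([^,]+)", value, flags=re.I)
    return ".".join(p.strip() for p in parts) if parts else value.strip()

def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def review_profile(p):
    """Return findings for one profile; the dict keys are hypothetical names."""
    out = []
    if p["status"] != "Active":
        out.append("inactive: profile will be ignored")
    if "=" in p["domain_name"]:
        out.append("domain: enter as " + dotted_domain(p["domain_name"]))
    if not p["use_tls"]:
        out.append("tls: connection to Active Directory is not TLS-protected")
        if p["port"] == LDAPS_PORT:
            out.append("port: 636 is the TLS port but Use TLS is off")
    else:
        if p["port"] == LDAP_PORT:
            out.append("port: 389 is the non-TLS default; confirm the port")
        if is_ip(p["machine_name"]):
            out.append("host: IP address may not match the server certificate")
    if p["profile_uses_hsm"]:
        out.append("hsm: certificates will not be generated for AD users")
    if p["connection_timeout_s"] <= 0 or p["retries"] < 0:
        out.append("limits: timeout must be > 0 seconds and retries >= 0")
    return out

# Constructed sample profile, not taken from a real deployment.
SAMPLE = {
    "status": "Active", "domain_name": "DN=My_Test,DN=Local",
    "machine_name": "192.0.2.10", "use_tls": True, "port": 389,
    "profile_uses_hsm": True, "connection_timeout_s": 30, "retries": 3,
}

if __name__ == "__main__":
    for finding in review_profile(SAMPLE):
        print(finding)
```
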


Clicking on the Search button on the Directory Integration page displays the following screen:



This helps to locate a particular domain, administrator and client ID. If a search is based on multiple values, these are combined using the “AND” operator, so only records that meet all the criteria are presented.

