Directory Integration
This option is used to generate certificates for Active Directory users. Once configured, there is an automatic process that synchronizes it with Active Directory. When a new user is added to Active Directory, ADSS Server automatically generates a key pair and issues a certificate for the user. If a user is deleted from an Active Directory, then, their certificate status will be changed to revoked with an unspecified reason.
By clicking on Directory Integration, a list of the current configured Active Directories is shown:
Options are also available to sort the tables based on the different criteria and also by ascending and descending order.
To configure a new Active Directory, click the + button and the following screen is shown:
Enter all of the required details and then click Save. The configuration items are as follows:
Items |
Description |
Status |
A profile can be marked Active or Inactive. An inactive profile will be ignored. |
Domain Name |
Provide the domain information of the Active Directory for the ADSS Server to establish the connection. |
Domain Description |
This can be used to describe the domain information in more detail e.g. for which department this directory is configured etc. |
Machine Name |
The name or IP address of the system where Active Directory is deployed. |
Use TLS |
Enable this option to establish the connection between the Active Directory and ADSS Server over TLS server authentication. |
Port |
Set the communication port for Active Directory. The default port is 389 for HTTP and 636 for HTTPS. |
Directory Administrator |
Enter the username of the Active Directory administrator (So that ADSS Server can login and get the user data. |
Password |
Provide the password for the Active Directory administrator. |
Synchronize after every |
This field shows the certification service URL of a DVCA that will be sent to domestic SPOC in each request. If the domestic SPOC is operating in asynchronous mode where requests are approved after proper vetting, it would provide the requested certificate(s) on this URL after approval of the admin. |
Connection Timeout |
Specify the Active Directory connection timeout in seconds. |
Number of Retries |
Specify the number of connection retries. |
Client ID |
Specify the Client ID to be used with ADSS Server. |
Certification Profile |
Specify the Certification Profile to be used to generate the certificate for the Active Directory users. Note: If Certification Profile configured with HSM is selected, then the required certificates will not be generated for Active Directory users. |
The Active Directory user certificates MUST provide their domain user password in the request to Signing Service for document signing. |
Clicking on the Search button on Directory Integration page will display following screen:
This helps to locate a particular domain, administrator and client ID. If a search is based on multiple values, then these will be combined together using the “AND” operand, and thus only records that meet all the criteria will be presented.
See also