Create an Active Directory Connector

The Active Directory connector allows SigningHub to connect with an organisational Active Directory to authenticate users both at the time of login and at the time of signing. By using this connector, the SigningHub users can authenticate themselves by using their (same) Active Directory account credentials.

SigningHub Rest APIs, Mobile Apps and Mobile web use kerberos token for Active Directory authentication.

SigningHub Desktop Web uses NTLM tokens (Integrated windows authentication), so the username and password will not be required in an AD connector, if it is to be used only for SigningHub Desktop Web.

LDAP (Lightweight Directory Access Protocol) uses to query data from Active Directory. LDAP queries are generated on behalf of a superior domain user that should have permissions, to connect to the LDAP directory, search the users based on UID and password, and read the Security Group or OU of the users. For such cases the username and password are required in their AD connector.

Create an Active Directory connector

Click the "Configurations" option from the left menu.
Click the "Connectors" option.
The "Connectors" screen will appear.
Click from the grid header.
A dialog will appear to add the connector details. The connector dialog is comprised of two screens, i.e. Basic Information and Details. Specify the basic information and click the "Next" button to provide the respective connector details.

Click the "Finish" button. A new connector will be saved and displayed in the list. See the below table for fields description.

Active Directory Connector
Fields	Description
Name	Specify a unique name for this connector, i.e. My Active Directory. This connector will be used in the configuration of Authentication Profiles.
Provider	Select the provider for this connector, i.e. "Active Directory".
Purpose	This field will display the purpose of the selected provider above, i.e. the purpose of "Active Directory" is "Authentication".
Domain Controller Host	Specify the Active Directory host server name or IP address, e.g. Server-PDC or 192.168.0.150 SigningHub will use this address to connect with the Active Directory server (Domain Controller) for End-user Authentication, Contact Syncing, and AD Provisioning.
Port	Specify the LDAP server port number to connect SigningHub with Active Directory. The default LDAP port is 389.
User ID	Specify a user ID to connect with the Domain Controller host server, e.g. Peter.Kavin, as shown in the image below. This domain user does not necessarily need to have administrator rights in Active Directory. Here are the important considerations about the user connecting with the Domain Controller: Must exist in Active Directory, i.e. a valid Active Directory user. Must be an active user of Active Directory, i.e. should not be set as disabled. Must have the "Read" permissions on Active Directory to read the Security Groups and email addresses of all the users. This domain user is required to connect with Active Directory Domain Controller Host Server, when using LDAP to query information in Active Directory. SigningHub uses LDAP in the following two cases: Inside SigningHub API, where these APIs are used by SigningHub Mobile Web and SigningHub Native Apps. Inside SigningHub Core for Active Directory Synchronization thread. However for SigningHub Desktop Web, Windows Authentication is used which can work even without providing this user information. Moreover, when you need Active Directory authentication for SigningHub Desktop Web, the users to be authenticated should be the part of the same domain where SigningHub has been deployed, e.g. if the users belong to the "Ascertia" domain, then SigningHub should also be deployed on the "Ascertia" domain.
User Password	Specify the user password to access the Domain Controller host server. This password is of the same user which has been provided above. It will be used in LDAP to query information in Active Directory for SigningHub Mobile Web, SigningHub Native Apps and SigningHub Core.
Active	Tick this check box to make this connector active. Inactive connectors cannot be configured in the Authentication Profiles.

While configuring the Active Directory connector, the ports (i.e. 389 on non SSL and 663 on SSL) must be opened between the SigningHub and Active Directory servers. Also ensure that two way communication between SigningHub and the Active Directory must be enabled to send/get the response for authenticating a user.