The Active Directory connector allows SigningHub to connect with an organisational Active Directory to authenticate users both at the time of login and at the time of signing. With this connector, SigningHub users can authenticate with the same credentials as their Active Directory account.

SigningHub REST APIs, Mobile Apps and Mobile Web use Kerberos tokens for Active Directory authentication.

SigningHub Desktop Web uses NTLM tokens (Integrated Windows Authentication), so a username and password are not required in an AD connector that is used only for SigningHub Desktop Web.

LDAP (Lightweight Directory Access Protocol) is used to query data from Active Directory. LDAP queries are made on behalf of a superior domain user that should have permissions to connect to the LDAP directory, search for users based on UID and password, and read the Security Group or OU of the users. In such cases the username and password are required in the AD connector.

Create an Active Directory connector

  1. Click the "Configurations" option from the left menu.
  2. Click the "Connectors" option. 
    The "Connectors" screen will appear.
  3. Click  from the grid header.

  4. A dialog will appear to add the connector details. The connector dialog is comprised of two screens, i.e. Basic Information and Details. Specify the basic information and click the "Next" button to provide the respective connector details. 
  5. Click the "Finish" button. The new connector will be saved and displayed in the list. See the table below for a description of the fields.


Active Directory Connector

Fields

Description

Name

Specify a unique name for this connector, i.e. My Active Directory. This connector will be used in the configuration of Authentication Profiles.

Provider

Select the provider for this connector, i.e. "Active Directory".    

Purpose

This field will display the purpose of the selected provider above, i.e. the purpose of "Active Directory" is "Authentication".

Logo

Select an appropriate image in the jpeg, jpg, gif or png format for the connector's logo that will be displayed on the login screen.

Domain Controller Host

Specify the Active Directory host server name or IP address, e.g. Server-PDC or 192.168.0.150
SigningHub will use this address to connect with the Active Directory server (Domain Controller) for End-user Authentication, Contact Syncing, and AD Provisioning.   

Port

Specify the LDAP server port number to connect SigningHub with Active Directory. The default LDAP port is 389. 

While configuring the Active Directory connector, ensure that the ports (i.e. 389 on non SSL and 663 on SSL) are open between the SigningHub and Active Directory servers. Also ensure that two-way communication between SigningHub and Active Directory is enabled, so that the requests and responses for authenticating a user can be exchanged.

User ID

Specify a user ID to connect with the Domain Controller host server, e.g. Peter.Kavin, as shown in the image below.
This domain user does not necessarily need to have administrator rights in Active Directory. Here are the important considerations about the user connecting with the Domain Controller:

  • Must exist in Active Directory, i.e. a valid Active Directory user.
  • Must be an active user of Active Directory, i.e. should not be set as disabled.
  • Must have the "Read" permissions on Active Directory to read the Security Groups and email addresses of all the users.

This domain user is required to connect to the Active Directory Domain Controller host server when using LDAP to query information in Active Directory. SigningHub uses LDAP in the following two cases:

  • Inside the SigningHub API, where these APIs are used by SigningHub Mobile Web and SigningHub Native Apps.
  • Inside SigningHub Core, for the Active Directory Synchronization thread.

However, SigningHub Desktop Web uses Windows Authentication, which can work even without this user information. Moreover, when you need Active Directory authentication for SigningHub Desktop Web, the users to be authenticated should be part of the same domain where SigningHub has been deployed, e.g. if the users belong to the "Ascertia" domain, then SigningHub should also be deployed on the "Ascertia" domain.

User Password

Specify the user password to access the Domain Controller host server.
This is the password of the user provided above. It will be used in LDAP to query information in Active Directory for SigningHub Mobile Web, SigningHub Native Apps and SigningHub Core.

Active

Tick this check box to make this connector active. Inactive connectors cannot be configured in the Authentication Profiles.
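
A pre-flight check for the account entered under User ID, added here as an example (it is not SigningHub's own code): it takes the account's LDAP attributes and reports when the account is missing, disabled, or more privileged than the read-only access the connector needs. The sample entries, the example.test domain and the "SigningHub Readers" group are constructed, and the password-not-required and delegation checks go beyond the considerations listed above.

```python
import re

# userAccountControl bit flags stored on Active Directory user objects.
UAC_ACCOUNTDISABLE = 0x0002           # account is disabled
UAC_PASSWD_NOTREQD = 0x0020           # account may have an empty password
UAC_TRUSTED_FOR_DELEGATION = 0x80000  # unconstrained Kerberos delegation

# Well-known privileged groups, by name and by primary-group RID.
PRIVILEGED_GROUPS = {"domain admins", "enterprise admins", "schema admins",
                     "administrators", "account operators"}
PRIVILEGED_RIDS = {512: "Domain Admins", 518: "Schema Admins",
                   519: "Enterprise Admins"}

def first_cn(dn):
    """Return the leading CN value of a DN, honouring backslash-escaped commas."""
    m = re.match(r"CN=((?:\\.|[^,\\])+)", dn, re.IGNORECASE)
    return m.group(1).replace("\\,", ",") if m else ""

def audit_bind_account(entry):
    """Return a list of findings for the connector's bind account (empty = OK)."""
    if entry is None:
        return ["account not found in Active Directory"]
    findings = []
    uac = int(entry.get("userAccountControl", 0))
    if uac & UAC_ACCOUNTDISABLE:
        findings.append("account is disabled")
    if uac & UAC_PASSWD_NOTREQD:
        findings.append("password-not-required flag is set")
    if uac & UAC_TRUSTED_FOR_DELEGATION:
        findings.append("trusted for unconstrained delegation")
    rid = int(entry.get("primaryGroupID", 513))  # 513 = Domain Users
    if rid in PRIVILEGED_RIDS:
        findings.append("primary group is " + PRIVILEGED_RIDS[rid])
    # memberOf lists direct memberships only; nested groups need a separate query.
    for dn in entry.get("memberOf", []):
        if first_cn(dn).lower() in PRIVILEGED_GROUPS:
            findings.append("member of privileged group " + first_cn(dn))
    return findings

# Constructed sample entries (hypothetical domain example.test).
GOOD = {"sAMAccountName": "Peter.Kavin", "userAccountControl": "512",
        "primaryGroupID": "513",
        "memberOf": ["CN=SigningHub Readers,OU=Groups,DC=example,DC=test"]}
BAD = {"sAMAccountName": "svc-old", "userAccountControl": str(512 | 2),
       "primaryGroupID": "513",
       "memberOf": ["CN=Domain Admins,CN=Users,DC=example,DC=test"]}

if __name__ == "__main__":
    for e in (GOOD, BAD):
        print(e["sAMAccountName"], audit_bind_account(e) or "OK")
```

The attributes can be exported with any LDAP client; an empty result means the account passed every check in this script, not that its "Read" permissions on the directory have been verified.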



