Pre-authorize Active Directory users

Parent Previous Next

When using an on-premises installation, SigningHub gives you an option to pre-authorise your Active Directory users so that they may serve as your registered enterprise users.  For this, the users to be authenticated should be the part of the same domain where SigningHub has been deployed, e.g. if the users belong to the "Ascertia" domain, then SigningHub should also be deployed on the "Ascertia" domain. 

In this way, your enterprise users can use their Microsoft Active Directory credentials (i.e. organizational domain user ID and password) for SigningHub authentication, and wont even need to create their SigningHub IDs. 

Pre-authorise your Active Directory users 

  1. Browse your local on-premises installation URL.
  2. Login with your enterprise admin credentials.
  3. Click your profile drop down menu (available at the top right corner).
  4. Click the "Enterprise Settings" option. 
  5. Click the "Users" option from the left menu.
  6. Click the "Active Directory Users" tab.
  7. Tick the "Automatically register Active Directory users" check box.
  8. The "Active Directory Authentication Profile" field will appear, listing all the Active Directory Authentication profiles configured in SigningHub Admin console. Select the required authentication profile from the list.
  9. Click the "Save" button.
    All the Active Directory users that belong to the selected authentication profile, will be automatically registered and activated in SigningHub under the default SigningHub role, provided that provisioning is not enabled by any other enterprise within the same on-premises deployment. 



    This implies, if multiple enterprises have been configured within an on-premises deployment, then the "Automatically register Active Directory users" check box should be ticked for only one enterprise.


You can also give the role based access of SigningHub (i.e. Enterprise Admin, or Enterprise Users, etc) at Active Directory security groups level. SigningHub allows you to manage (Add, Edit, and Delete) the Active Directory Security Groups from the same screen.


Assign a custom role to an Active Directory security group

  1. Click  from the Active Directory Security Group grid header. The "Add Active Directory Security Group" dialog will appear.
  2. Select the required security group from the "Active Directory Security Group" field. These security groups are defined in the Active Directory Authentication profiles configured in SigningHub Admin console. 
  3. Now select a role to assign to this security group and click the "Save" button.
    The default role is shown automatically selected for the security group, change it as required.


The added security group will be listed inside the Active Directory Security Group grid. All the Active Directory users that belong to this security group will be automatically registered and activated in SigningHub under the specified role.
Once all the security groups inside your (selected) Active Directory authentication profile (see the point 8 above) are added in the grid, the  button will be disabled.


Edit the assigned role of an Active Directory security group

  1. Move to the security group whose role is required to edit and click  adjacent to it. 

  2. Edit the assigned role from the next appearing dialog.
  3. Click the "Save" button.


Delete the assigned role and Active Directory security group association

  1. Select the security group(s) to delete and click  adjacent to it. 

When using Active Directory authentication for SigningHub Desktop Web, the users to be authenticated should be the part of the same domain where SigningHub has been deployed, e.g. if the users belong to the "Ascertia" domain, then SigningHub should also be deployed on the "Ascertia" domain.