Kiwire 2.0 Documentation

  1. Home
  2. Docs
  3. Kiwire 2.0 Documentation
  4. Integrations
  5. Active Directory

Active Directory

Authentication

The integration module for Microsoft Active Directory lets you authenticate user authentication via their credential with your existing Microsoft Windows server active directory.  In Active Directory, objects are organised in a number of levels such as domains, trees and forests. At the top of the structure is the forest. A forest is a collection of multiple trees that share a common global catalogue, directory schema, logical structure, and directory configuration. In a multi-domain forest, each domain contains only those items that belong in that domain. Global Catalog servers provide a global list of all objects in a forest. Kiwire allow you to map active directory user associated groups with a local Kiwire profiles.

How it Works
  1. User send credential to Kiwire, which itself will connect to Microsoft Active Directory services and perform authentication on behalf.
  2. If request is to primary forest tree domain, active directory will check with its domain for correct node to perform authentication.
  3. Active directory will revert the authentication status.
  4. A locally assigned profile will attached to the user’s authentication. Kiwire will send the local assign profiles to NAS and let user connect to network.
  5. The profile and authorisation will be send to the NAS and user will be able to connect.

For Kiwire to authenticate with your Microsoft Active Directory, you are required to provide a read only domain administrator privileges account in order to authenticate user active directory credential.

Manage Active Directory Connection

To access the active directory module click on Integrations > Active Directory from the navigation. This includes main and mapping for Kiwire platform.

* NOTE : Please save this setting before click on test.

The listed fields and its meaning are:

FieldFunction
Domain ControllerHostname or IP Address of active directory server.* NOTE : Please ensure Kiwire is using the active directory DNS setting to ensure compatibility.
Account SuffixAccount suffix for your domain.E.g : @mydomain.local
Domain Admin UsernameThe account that have administrator access level to the active directory.
Domain Admin PasswordThe password of the administrator access account.
Base DNThe user and group base DN.*Optional* Your base dn can be located in the extended attributes in Active Directory Users and Computers MMC.E.g : DC=mydomain,DC=local
Link With ProfileDefault profile assign to active directory users login. However you can map active directory users groups with local profile using the group mapping function, user group that are not mapped will be default to the default profile.
Zone RestrictionDefault zone restriction assign to user that login thru active directory when they login. Leave it to “None” if you do not wish to assign restriction to users.
EnabledEnable or disable this function.
* NOTE : You can use Diagnostic Active Directory to verify if your configuration are successful. If there is connection or credential issue the error will be displayed. To determine your Base DN, please refer to your active directory setup.

Active Directory Mapping

One of Kiwire new feature is capability to map active directory users groups with a local profile. This allow you assign relative local profile such as different groups with different profiles. The mapping screen will list all associated active directory groups [Group name] with the local profile [Link to profile]. If a user is a member of multiple groups, the priority will determine which profile the user will be assigned to. Please save the active directory configuration prior using the Mapping function.

The listed fields and its meaning are:

FieldFunction
Group NameThe name of the group mapping.
Link to ProfileThe local profile assign to the selected group.
StatusStatus of the group mapping whether enable or disable.
PriorityThe priority of the group mapping order, used when users is member of multiple groups.
Zone RestrictionDefault zone restriction assign to user that login.
ActionModules action :  To edit the setting of the group mapping.  To delete the group mapping.

Create Group Mapping

To create a group mapping, click on “Create Group Mapping” button and populate the required fields. Fill in the field with relevant information to complete the process.

The listed fields and its meaning are:

FieldFunction
Group NameClick on the select box, Kiwire will connect to the active directory server and load the available group from active directory services.
Link to ProfileThe local profile assign to the selected group.
StatusEnable or disable the mapping.
PriorityThe priority of the group mapping order , used when users is member of multiple groups.
Zone RestrictionDefault zone restriction assign to user that login. Leave it to “None” if you do not wish to assign restriction to users.
ActionModules action :  To edit the setting of the group mapping.  To delete the group mapping.

Edit / Delete Group Mapping

Click the edit icon on the listing screen to edit the setting of the group mapping. The edit screen be display which you can edit the setting of the group mapping. Click on the delete icon to delete the group mapping. A prompt will be display to ask for your confirmation to proceed to delete the group mapping. Please exercise with cautions as this not a reversible action.

Was this article helpful to you? Yes No

How can we help?