Azure Active Directory Domain Services:
Pre-requisites:
- A HighSide Team has been set up and the “Active Directory” toggle in the Admin settings has been switched on
- An Azure Active Directory with a unique FQDN exists
- A Secure LDAP certificate from a Trusted Certificate Authority has been generated as outlined by Microsoft's documentation here
- Secure LDAP has been enabled for the Azure Active Directory that will be used as outlined by Microsoft's documentation here
- A HighSide Service Account has been created (typically under the “managed service accounts” Security Group)
Setup:
In the HighSide Admin Settings UI, click the blue “Configure Active Directory” button:
After clicking this, you’ll be brought to our HighSide web UI, where you’ll have the option to add a new directory from either Azure AD or on-prem Active Directory. For this guide, we’ll go over the Azure Active Directory option. Click “Azure Active Directory”, which will bring you to a data input form with the fields “Directory Name”, “Host Name”, “Port”, “Base DN”, “User Bind DN”, “User Password” and “SSL Enabled”.
Filling out the data here should look something like this:
The Directory Name is simply whatever you’d like this directory to be called within the HighSide web UI.
The Host Name field is the host name for your Azure AD Domain Services setup. This is set when creating your Domain Service and can be set to whatever you'd like following Microsoft's naming guidelines.
The port should be left at 636.
Your Base DN is the path for your organization; it should follow the layout set in the screenshot above.
Your User Bind DN is the path for your specific managed service account that has been created for HighSide and should follow the same layout set in the above screenshot.
Your User Password is the password for the managed service account created.
SSL should be left as enabled.
After you’ve filled out all the data fields, click “Save Changes”. You should get a “Saving Directory info” spinner and then be brought back to the main screen. Following this, click “Configure” next to the directory you’ve just created. You should see “Directory Status: Connected” at the top. If you don’t, and you see an error message instead, please check your user's credentials as well as the Domain Name in your configuration. If you have checked both and are still receiving an error, please reach out to support@highside.io for additional help.
You also have to update a security group rule in Azure AD DS. You must add a rule to the "aadds-nsg-01" security group that allows Secure LDAP from HighSide's servers. For this rule, you'll need to reach out to your sales representative to receive the HighSide IPs that should be whitelisted. The rule should look as shown below, with the proper IPs filled in once you receive them.
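To confirm that the Secure LDAP rule admits only HighSide's addresses, the following added example (not HighSide's or Microsoft's code) audits rules in the JSON shape printed by `az network nsg rule list`. The sample rules and the 203.0.113.0/28 range are constructed placeholders for the IPs your sales representative provides.

```python
import ipaddress

# Constructed sample in the JSON shape printed by `az network nsg rule list`.
SAMPLE_RULES = [
    {"name": "AllowLDAPS-HighSide", "direction": "Inbound", "access": "Allow",
     "protocol": "Tcp", "destinationPortRange": "636",
     "sourceAddressPrefixes": ["203.0.113.10", "203.0.113.11"]},
    {"name": "AllowLDAPS-Any", "direction": "Inbound", "access": "Allow",
     "protocol": "Tcp", "destinationPortRange": "600-700",
     "sourceAddressPrefix": "*"},
]

def _values(rule, singular, plural):
    # NSG rules carry either the singular field or the plural list.
    one = rule.get(singular)
    return ([one] if one else []) + list(rule.get(plural) or [])

def _covers_636(spec):
    # Port specs are '*', a single port, or a 'low-high' range.
    if spec == "*":
        return True
    low, _, high = spec.partition("-")
    return int(low) <= 636 <= int(high or low)

def _inside(source, allowed):
    # Service tags and '*' are not CIDRs, so they can never be inside the list.
    try:
        net = ipaddress.ip_network(source, strict=False)
    except ValueError:
        return False
    return any(net.version == a.version and net.subnet_of(a) for a in allowed)

def audit_ldaps_rules(rules, allowed_cidrs):
    """Return (rule name, offending sources) for inbound allows on TCP 636."""
    allowed = [ipaddress.ip_network(c) for c in allowed_cidrs]
    findings = []
    for r in rules:
        if (r["direction"].lower(), r["access"].lower()) != ("inbound", "allow"):
            continue
        if r["protocol"].lower() not in ("tcp", "*"):
            continue
        ports = _values(r, "destinationPortRange", "destinationPortRanges")
        if not any(_covers_636(p) for p in ports):
            continue
        bad = [s for s in _values(r, "sourceAddressPrefix", "sourceAddressPrefixes")
               if not _inside(s, allowed)]
        if bad:
            findings.append((r["name"], bad))
    return findings
```

An empty result means every inbound allow rule that reaches port 636 is limited to the addresses you passed in; any rule listed is wider than the Secure LDAP rule described above and should be narrowed or removed.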
From the configure screen you’ll be able to set which Security Groups you’d like to have synced to HighSide and get updates as to when the next sync of that user group will occur. You can also manually refresh your security groups.
Microsoft Active Directory:
Pre-requisites:
- A HighSide Team has been set up and the “Active Directory” toggle in the Admin settings has been switched on
- An on-prem Active Directory with a unique FQDN exists
- A HighSide Service Account has been created (typically under the “managed service accounts” Security Group)
Setup:
In the HighSide Admin Settings UI, click the blue “Configure Active Directory” button.
After clicking this, you’ll be brought to our HighSide web UI, where you’ll have the option to add a new directory from either Azure AD or on-prem Active Directory. Click the “Microsoft Active Directory” option, which will bring you to a data input form with the fields “Directory Name”, “Host Name”, “Port”, “Base DN”, “User Bind DN”, “User Password” and “SSL Enabled”.
Filling out the data should yield a result as below:
The Directory Name is simply whatever you’d like this directory to be called within the HighSide web UI.
The Host Name field is the host name for your Active Directory server. This can be the FQDN or the IP of the specified server.
The port can be configured to whichever port you’d like HighSide to access your Active Directory server on.
Your Base DN is the path for the part of your Active Directory you’d like HighSide to access; it should follow the layout set in the screenshot above.
Your User Bind DN is the path for your specific managed service account that has been created for HighSide and should follow the same layout set in the above screenshot.
Your User Password is the password for the managed service account created.
SSL can be set to enabled or disabled depending on how you’d like HighSide to connect.
After you’ve filled out all the data fields, click “Save Changes”. You should get a “Saving Directory info” spinner and then be brought back to the main screen. Following this, click “Configure” next to the directory you’ve just created. You should see “Directory Status: Connected” at the top. If you don’t, and you see an error message instead, please check your user's credentials as well as the Domain Name in your configuration. If you have checked both and are still receiving an error, please reach out to support@highside.io for additional help.
From the configure screen you’ll be able to set which Security Groups you’d like to have synced to HighSide and get updates as to when the next sync of that user group will occur. You can also manually refresh your security groups.
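The field descriptions in both sections above can be checked before saving with a short script. This is an added example, not HighSide's code: the dictionary keys, the sample DNs and the `example.com` domain are constructed, and it assumes the service account lives in the same domain as the Base DN and that the connection uses an LDAP simple bind.

```python
import re

def split_dn(dn):
    # Split on commas that are not backslash-escaped (simplified RFC 4514).
    pairs = []
    for rdn in re.split(r"(?<!\\),", dn):
        attr, sep, value = rdn.strip().partition("=")
        if not (sep and attr.strip() and value.strip()):
            raise ValueError(f"malformed RDN {rdn.strip()!r}")
        pairs.append((attr.strip().upper(), value.strip()))
    return pairs

def dns_domain(dn):
    # Rebuild the DNS domain from the DC= components, e.g. DC=example,DC=com.
    return ".".join(v.lower() for a, v in split_dn(dn) if a == "DC")

def check_directory(cfg, azure_ad_ds):
    """Return findings for one directory entry; an empty list means none."""
    try:
        base_dom = dns_domain(cfg["base_dn"])
        bind_dom = dns_domain(cfg["bind_dn"])
    except ValueError as err:
        return [f"DN syntax: {err}"]
    findings = []
    if not base_dom:
        findings.append("Base DN has no DC= components")
    if bind_dom != base_dom:
        findings.append("User Bind DN and Base DN are in different domains: "
                        f"{bind_dom or '(none)'} vs {base_dom or '(none)'}")
    if split_dn(cfg["bind_dn"])[0][0] == "DC":
        findings.append("User Bind DN names a domain, not an account")
    if azure_ad_ds and (cfg["port"] != 636 or not cfg["ssl"]):
        findings.append("Azure AD DS entry must keep port 636 with SSL enabled")
    elif not cfg["ssl"]:
        findings.append("SSL disabled: a simple bind sends the password unencrypted")
    return findings

# Constructed sample entries (assumed key names, not a HighSide format).
AZURE_OK = {"port": 636, "ssl": True, "base_dn": "DC=example,DC=com",
            "bind_dn": "CN=highside-svc,CN=Managed Service Accounts,DC=example,DC=com"}
ONPREM_PLAIN = {"port": 389, "ssl": False, "base_dn": "OU=Staff,DC=corp,DC=example,DC=com",
                "bind_dn": "CN=highside-svc,CN=Managed Service Accounts,DC=example,DC=com"}
```

`check_directory(AZURE_OK, True)` returns no findings, while `check_directory(ONPREM_PLAIN, False)` reports both the domain mismatch and the unencrypted bind that follows from leaving SSL disabled.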