Azure Active Directory Domain Services:

Pre-requisites:

  • A HighSide Team has been set up and the “Active Directory” toggle in the Admin settings has been switched on
  • An Azure Active Directory with a unique FQDN exists
  • A Secure LDAP certificate from a Trusted Certificate Authority has been generated as outlined in Microsoft's documentation
  • Secure LDAP has been enabled for the Azure Active Directory that will be used, as outlined in Microsoft's documentation
  • A HighSide Service Account has been created (typically under the “managed service accounts” Security Group)

Setup:

In the HighSide Admin Settings UI, click the blue “Configure Active Directory” button.

After clicking this, you’ll be brought to our HighSide web UI, where you’ll have the option to add a new directory from either Azure AD or on-prem Active Directory. For this guide, we’ll go over the Azure Active Directory option. Click “Azure Active Directory”, which will bring you to a data input form with the fields “Directory Name”, “Host Name”, “Port”, “Base DN”, “User Bind DN”, “User Password” and “SSL Enabled”.

Filling out the data here should look something like this:

The Directory Name is simply whatever you’d like this directory to be called within the HighSide web UI.

The Host Name field is the host name for your Azure AD Domain Services setup. This is set when creating your Domain Service and can be set to whatever you'd like following Microsoft's naming guidelines.

The port should be left at 636.

Your Base DN is the path for your organization. It should follow the layout set in the screenshot above.

Your User Bind DN is the path for your specific managed service account that has been created for HighSide and should follow the same layout set in the above screenshot.

Your User Password is the password for the managed service account created.

SSL should be left as enabled.

After you’ve filled out all the data fields, click “Save Changes”. You should get a “Saving Directory info” spinner and then be brought back to the main screen. Next, click “Configure” next to the directory you’ve just created. You should see “Directory Status: Connected” at the top. If you don’t, and you see an error message instead, please check your user’s credentials as well as the Domain Name in your configuration. If you have checked both and are still receiving an error, please reach out to support@highside.io for additional help.

You also have to update a security group rule in Azure AD DS. You must add a rule to the "aadds-nsg-01" security group that allows Secure LDAP from HighSide's servers. For this rule, you'll need to reach out to your sales representative to receive the HighSide IPs that should be whitelisted. The rule should look as shown below, with the proper IPs filled in once you receive them.
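
One way to prepare that rule so it cannot be opened wider than intended, as an added example that is not HighSide's or Microsoft's code: it builds the inbound TCP 636 allow rule in the Azure NSG security-rule JSON shape and refuses broad or malformed sources. The rule name, the priority of 401, the /24 and /64 breadth limits and the source addresses are assumptions; the addresses are documentation-range placeholders.

```python
import ipaddress
import json


def ldaps_allow_rule(source_prefixes, priority=401, name="AllowLDAPS-HighSide"):
    """Build an inbound allow rule for TCP 636 restricted to the given source prefixes."""
    if not source_prefixes:
        raise ValueError("at least one source prefix is required")
    if not 100 <= priority <= 4096:  # NSG priorities must fall in this range
        raise ValueError("priority must be between 100 and 4096")
    sources = []
    for raw in source_prefixes:
        # '*' and service tags such as 'Internet' are not networks, so they raise here;
        # strict=True also rejects entries with host bits set (e.g. 203.0.113.10/24).
        net = ipaddress.ip_network(raw.strip(), strict=True)
        widest_allowed = 24 if net.version == 4 else 64  # assumed breadth limit
        if net.prefixlen < widest_allowed:
            raise ValueError(f"{net} is too broad for a Secure LDAP allow rule")
        sources.append(str(net))
    return {
        "name": name,  # hypothetical rule name
        "properties": {
            "protocol": "Tcp", "direction": "Inbound", "access": "Allow",
            "priority": priority,
            "sourceAddressPrefixes": sources, "sourcePortRange": "*",
            "destinationAddressPrefix": "*", "destinationPortRange": "636",
        },
    }


# Placeholder sources from the documentation ranges; replace with the IPs HighSide provides.
PLACEHOLDER_SOURCES = ["203.0.113.10/32", "198.51.100.16/28"]

if __name__ == "__main__":
    print(json.dumps(ldaps_allow_rule(PLACEHOLDER_SOURCES), indent=2))
```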

From the configure screen you’ll be able to set which Security Groups you’d like to have synced to HighSide and get updates as to when the next sync of that user group will occur. You can also manually refresh your security groups.

Microsoft Active Directory:

Pre-requisites:

  • A HighSide Team has been set up and the “Active Directory” toggle in the Admin settings has been switched on
  • An on-prem Active Directory with a unique FQDN exists
  • A HighSide Service Account has been created (typically under the “managed service accounts” Security Group)

Setup:

In the HighSide Admin Settings UI, click the blue “Configure Active Directory” button.

After clicking this, you’ll be brought to our HighSide web UI, where you’ll have the option to add a new directory from either Azure AD or on-prem Active Directory. Click the “Microsoft Active Directory” option, which will bring you to a data input form with the fields “Directory Name”, “Host Name”, “Port”, “Base DN”, “User Bind DN”, “User Password” and “SSL Enabled”.

Filling out the data should yield a result as below:

The Directory Name is simply whatever you’d like this directory to be called within the HighSide web UI.

The Host Name field is the host name for your Active Directory server. This can be the FQDN or the IP of the specified server.

The port can be configured to whichever port you’d like HighSide to access your Active Directory server on.

Your Base DN is the path for the Active Directory you’d like HighSide to access. It should follow the layout set in the screenshot above.

Your User Bind DN is the path for your specific managed service account that has been created for HighSide and should follow the same layout set in the above screenshot.

Your User Password is the password for the managed service account created.

SSL can be set to enabled or disabled depending on how you’d like HighSide to connect.
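
A pre-flight check for the connection fields described in both setup sections, as an added example that is not HighSide's code: it parses the Base DN and User Bind DN, confirms they belong to the same domain, and flags an entry whose simple bind would send the service account password without TLS. The dictionary keys, the sample DNs and the service account name are constructed; the port sets are the well-known AD LDAP and LDAPS ports.

```python
PLAIN_PORTS, TLS_PORTS = {389, 3268}, {636, 3269}  # well-known AD LDAP / LDAPS ports

def split_dn(dn):
    """Split a DN into (ATTR, value) pairs; a backslash-escaped comma stays in the value."""
    parts, cur, i = [], "", 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur, i = cur + dn[i:i + 2], i + 2
        elif dn[i] == ",":
            parts.append(cur)
            cur, i = "", i + 1
        else:
            cur, i = cur + dn[i], i + 1
    parts.append(cur)
    rdns = []
    for part in parts:
        attr, sep, value = part.strip().partition("=")
        if not (sep and attr.strip() and value.strip()):
            raise ValueError(f"malformed RDN {part!r}")
        rdns.append((attr.strip().upper(), value.strip().lower()))
    return rdns

def domain_of(rdns):
    """Join DC components: DC=corp,DC=example,DC=com -> corp.example.com."""
    return ".".join(value for attr, value in rdns if attr == "DC")

def check_directory(cfg, azure=False):
    """Return findings for one directory entry; an empty list means nothing was flagged."""
    try:
        base, bind = split_dn(cfg["base_dn"]), split_dn(cfg["bind_dn"])
    except ValueError as exc:
        return [f"dn-syntax: {exc}"]
    findings = []
    if not domain_of(base):
        findings.append("base-dn: no DC components")
    if domain_of(bind) != domain_of(base):
        findings.append("bind-dn: service account domain differs from the Base DN domain")
    if not cfg["ssl"]:
        findings.append("cleartext-bind: SSL is off, a simple bind sends the password unencrypted")
    if (cfg["ssl"] and cfg["port"] in PLAIN_PORTS) or (not cfg["ssl"] and cfg["port"] in TLS_PORTS):
        findings.append("port-ssl-mismatch: port and SSL setting disagree")
    if azure and (cfg["port"] != 636 or not cfg["ssl"]):
        findings.append("azure: this guide keeps port 636 with SSL enabled")
    return findings

# Constructed sample entries (placeholder names, not real directories).
AZURE_OK = {"base_dn": "DC=example,DC=com", "port": 636, "ssl": True,
            "bind_dn": "CN=highside-svc,OU=Service Accounts,DC=example,DC=com"}
ONPREM_PLAIN = dict(AZURE_OK, port=389, ssl=False)
```

Calling `check_directory(AZURE_OK, azure=True)` returns an empty list, while `check_directory(ONPREM_PLAIN)` returns the single cleartext-bind finding.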

After you’ve filled out all the data fields, click “Save Changes”. You should get a “Saving Directory info” spinner and then be brought back to the main screen. Next, click “Configure” next to the directory you’ve just created. You should see “Directory Status: Connected” at the top. If you don’t, and you see an error message instead, please check your user’s credentials as well as the Domain Name in your configuration. If you have checked both and are still receiving an error, please reach out to support@highside.io for additional help.

From the configure screen you’ll be able to set which Security Groups you’d like to have synced to HighSide and get updates as to when the next sync of that user group will occur. You can also manually refresh your security groups.