Importing Users from Active Directory
You can set up PrivX to automatically add users from user directories. Such users can then be given access to hosts via PrivX.
For example, to add Active Directory (AD) users:
- Configure PrivX to scan the AD server for users. To do this, log into PrivX as superuser (or other privx-admin user). Then on the Settings→Directories page, click Add Directory.
- Provide the required AD settings.
  Note: %s in the User DN pattern stands for the user name by which AD users may log into PrivX. For example, assume there is an AD user with the following fields:
  sAMAccountName: alice
  userPrincipalName: [email protected]
  In this case, if User DN pattern were set to (sAMAccountName=%s), the user can log in with the user name alice. If User DN pattern were set to (userPrincipalName=%s), the user can log in with the user name [email protected].
  Save the directory settings. PrivX automatically connects to the AD server to add any users found with the given settings.
- You may verify the AD status back on the Settings→Directories page. After PrivX finishes adding users from the AD, the connection status should display OK, along with the number of users added.
To list the users added from the AD, perform a List Users action on the AD entry.
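The %s substitution described in the note above, as an added Python example (not PrivX code): it expands a pattern with the typed login name, escaping LDAP filter metacharacters per RFC 4515, and resolves the result against constructed directory entries. The function names, the example.test addresses, and the assumption that a pattern contains exactly one %s are illustrative.

```python
import re

# Constructed sample entries mirroring the alice example; UPN values are placeholders.
DIRECTORY = [
    {"sAMAccountName": "alice", "userPrincipalName": "alice@example.test"},
    {"sAMAccountName": "bob", "userPrincipalName": "bob@example.test"},
]

# RFC 4515 characters that must be escaped inside a filter assertion value.
ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape filter metacharacters so the login name is treated as a literal."""
    return "".join(ESCAPES.get(ch, ch) for ch in value)


def expand_pattern(pattern, login_name):
    """Substitute the login name for %s in a pattern such as (sAMAccountName=%s)."""
    if pattern.count("%s") != 1:  # assumption: exactly one placeholder per pattern
        raise ValueError("pattern must contain exactly one %s")
    return pattern.replace("%s", escape_filter_value(login_name))


def unescape(value):
    """Reverse the \\XX hex escapes to recover the literal value being compared."""
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)


def resolve(pattern, login_name, directory=DIRECTORY):
    """Return the entries matched by the expanded filter (equality filters only)."""
    m = re.fullmatch(r"\((\w+)=(.*)\)", expand_pattern(pattern, login_name))
    if not m:
        raise ValueError("only (attribute=%s) patterns are handled here")
    attr, wanted = m.group(1), unescape(m.group(2))
    return [entry for entry in directory if entry.get(attr) == wanted]


if __name__ == "__main__":
    for pattern, name in [
        ("(sAMAccountName=%s)", "alice"),
        ("(userPrincipalName=%s)", "alice@example.test"),
        ("(userPrincipalName=%s)", "alice"),  # wrong name form for this pattern
        ("(sAMAccountName=%s)", "*"),         # escaped, so it matches nobody
    ]:
        print(expand_pattern(pattern, name), "->", resolve(pattern, name))
```

A login name only resolves when it has the form of the attribute named in the pattern, and a name containing filter metacharacters is compared as a literal string rather than widening the match.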
To grant AD users access to hosts and services, add them to roles (as described in Creating Local Users and Roles). For example, you can add an additional rule to the Example Role that was created earlier.
AD users may then log into the PrivX GUI and establish SSH/RDP connections. The allowed connection targets are determined by the role(s) assigned to the AD users.