These docs are for v17. The latest docs are for v33.

Importing Users from Active Directory

You can set up PrivX to automatically add users from user directories. Such users can then be given access to hosts via PrivX.

For example, to add Active Directory (AD) users:

  1. Configure PrivX to scan the AD server for users. To do this, log into PrivX as superuser (or other privx-admin user). Then on the Administration→Directories page, click Add Directory.

  2. Provide the required AD settings.

    Note

    %s in the User DN pattern stands for the user name by which AD users may log into PrivX. For example, assume there is an AD user with the following fields:

    sAMAccountName: alice
    userPrincipalName: [email protected]

    In this case, if User DN pattern were set to (sAMAccountName=%s), the user can log in with the user name alice. If User DN pattern were set to (userPrincipalName=%s), the user can log in with the user name [email protected].

    Save the directory settings. PrivX automatically connects to the AD server to add any users found with the given settings.

  3. You may verify the AD status back on the Administration→Directories page. After PrivX finishes adding users from the AD, the connection status should display OK, along with the number of users added.

    To list the users added from the AD, perform a List Users action on the AD entry.

    To grant AD users access to hosts and services, add them to roles. For example, you can add an additional rule to the Example Role that was created earlier.

    AD users may then log into the PrivX GUI and establish SSH/RDP connections. The allowed connection targets are determined by the role(s) assigned to the AD users.
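
The %s substitution described in the User DN pattern note under step 2, as an added example that is not PrivX code: it previews which login name a given pattern accepts. It assumes the pattern is expanded as a single LDAP equality filter with the login name escaped per RFC 4515; the directory entries and the example.test UPN values are constructed, and all function names are hypothetical.

```python
import re

# Constructed sample directory entries; the UPN values are placeholders.
ENTRIES = [
    {"sAMAccountName": "alice", "userPrincipalName": "alice@example.test"},
    {"sAMAccountName": "bob", "userPrincipalName": "bob@example.test"},
]

# RFC 4515 characters that must be escaped inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def escape_filter_value(value):
    """Keep a login name literal when it is placed into a filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def expand_pattern(pattern, login):
    """Replace the single %s in the pattern with the escaped login name."""
    if pattern.count("%s") != 1:
        raise ValueError("pattern must contain exactly one %s")
    return pattern.replace("%s", escape_filter_value(login))


def match_equality(ldap_filter, entries):
    """Evaluate one (attribute=value) equality filter against entries."""
    m = re.fullmatch(r"\(([A-Za-z][A-Za-z0-9-]*)=([^*()]*)\)", ldap_filter)
    if m is None:
        raise ValueError("only simple equality filters are supported here")
    attr, raw = m.groups()
    # Undo \xx escapes, then compare case-insensitively, as AD does for
    # sAMAccountName and userPrincipalName.
    wanted = re.sub(r"\\([0-9a-fA-F]{2})",
                    lambda h: chr(int(h.group(1), 16)), raw).lower()
    return [e for e in entries if e.get(attr, "").lower() == wanted]


def resolve(pattern, login, entries=ENTRIES):
    """Return the sAMAccountName of every entry the login name selects."""
    hits = match_equality(expand_pattern(pattern, login), entries)
    return [e["sAMAccountName"] for e in hits]


if __name__ == "__main__":
    for pattern in ("(sAMAccountName=%s)", "(userPrincipalName=%s)"):
        for login in ("alice", "alice@example.test", "*"):
            print(pattern, repr(login), "->", resolve(pattern, login))
```

With the sAMAccountName pattern only the short name selects the user, with the userPrincipalName pattern only the full UPN does, and a login name of `*` stays a literal and selects nobody.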