How to Connect KeyControl 5.4 to Active Directory
This post will walk through the steps to connect Entrust KeyControl to Active Directory.
To get started, here is what you will need to complete the steps in this post:
- A deployed Entrust KeyControl v5.4 cluster (see the deployment post in the related links at the end of this post)
- An Active Directory service account
Now, let’s get started…
Connect KeyControl to Active Directory
Log in to the deployed Entrust KeyControl cluster. Once logged in:
- Click the Settings menu item
- Under the “General Settings” group click Authentication
Click the Type drop-down box and select LDAP from the list.
Enter the following information for your Active Directory domain, then click Apply:
- Domain Name
- Service Account Name - see the note below
- Service Account Password
NOTE: The Service Account Name should be specified using one of the following formats:
- Distinguished Name (DN): For example, CN=Administrator,CN=users,DC=entrust,DC=com
- User Principal Name (UPN): For example, firstname.lastname@example.org
- Account username: For example, administrator
The AD account does not need to have administrative rights. Permission to read the directory and look up usernames and group membership is sufficient.
Next, you will enter the information for your Active Directory Domain Controllers. Click Add Domain Controller.
Enter the fully-qualified domain name (FQDN) for one of the Active Directory Domain Controllers in your environment. If you are using SSL between your domain controllers, you will also need to upload the CA certificate for your domain. If you are not using SSL, select LDAP from the drop-down box.
Click Save & Close
You will need to repeat this step for all of the domain controllers you have in your environment. Simply click the blue plus sign (+).
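Before uploading a CA certificate for a domain controller, it helps to confirm that it really is the CA that issued that controller's LDAPS certificate. The script below is an added example, not part of the original post or of KeyControl: the function names are hypothetical, and the CA and domain controller certificates are constructed test data generated locally with openssl.

```bash
#!/usr/bin/env bash
# Added example: check that a CA certificate validates a domain controller's
# LDAPS certificate before that CA certificate is uploaded to KeyControl.
# Against a real DC, first save its certificate (assuming the standard LDAPS
# port 636), e.g.:
#   openssl s_client -connect <dc-fqdn>:636 </dev/null | openssl x509 -out dc.pem

# Return 0 if cert_file chains to ca_file, non-zero otherwise.
ca_validates_cert() {
    local ca_file=$1 cert_file=$2
    openssl verify -CAfile "$ca_file" "$cert_file" >/dev/null 2>&1
}

# Build a throwaway CA and a leaf certificate signed by it (constructed data).
make_test_pki() {
    local dir=$1 ca_name=$2 dc_fqdn=$3
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$ca_name" \
        -keyout "$dir/$ca_name.key" -out "$dir/$ca_name.pem" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$dc_fqdn" \
        -keyout "$dir/$dc_fqdn.key" -out "$dir/$dc_fqdn.csr" 2>/dev/null
    openssl x509 -req -days 1 -in "$dir/$dc_fqdn.csr" \
        -CA "$dir/$ca_name.pem" -CAkey "$dir/$ca_name.key" -CAcreateserial \
        -out "$dir/$dc_fqdn.pem" 2>/dev/null
}

# Demo: dc01's certificate is issued by corp-ca; other-ca is an unrelated CA.
demo() {
    local tmp ca
    tmp=$(mktemp -d)
    make_test_pki "$tmp" corp-ca dc01.example.test
    make_test_pki "$tmp" other-ca dc02.example.test
    for ca in corp-ca other-ca; do
        if ca_validates_cert "$tmp/$ca.pem" "$tmp/dc01.example.test.pem"; then
            echo "$ca: validates the dc01 certificate"
        else
            echo "$ca: does NOT validate the dc01 certificate (wrong CA file)"
        fi
    done
    rm -rf "$tmp"
}
demo
```

Run the same check for each domain controller you add, since controllers in one domain can hold certificates from different issuing CAs.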
After you have added all of your domain controllers, it’s time to move on to adding a second KeyControl Security Administrator.
This post walked through the process of connecting Entrust KeyControl to Active Directory. This way you can follow the usual IT process of managing all of your accounts through a centralized user directory such as Active Directory.
In a follow-on post, I will write about how to add a second KeyControl Security Admin.
Here are links to related posts:
- How to deploy a 2-node Entrust KeyControl v5.4 cluster
- How to Add a Second Security Administrator to Entrust KeyControl v5.4 from Active Directory
- Entrust KeyControl YouTube playlist
- YouTube video: Entrust KeyControl - Joining a KMS Cluster to Active Directory
If there is something you think I’m missing and feel should be added, please let me know.
Thanks for reading!