Integrate with Active Directory

In this topic, you will learn how to integrate Portnox™ Cloud with a local Active Directory (AD) instance.

Make sure that you have at least one Windows server (physical or virtual), which has access to the local Active Directory, and where you can install the Portnox Active Directory Broker.

  1. In the Cloud portal top menu, click on the Settings option.

  2. In the Cloud portal left-hand menu, click on the AUTHENTICATION REPOSITORIES tile.

  3. In the right-hand side pane, find and click on the DIRECTORY INTEGRATION SERVICE heading.

    More options appear under the DIRECTORY INTEGRATION SERVICE heading and description.

  4. Under the DIRECTORY INTEGRATION SERVICE section, click on the Add new domain link.

    Configuration options appear under the New Domain heading.

  5. In the User repository type field, select the Active Directory option.

  6. In the Display name field, type a display name for your configuration.
  7. In the Base DN field, type the Distinguished Name (DN) of the starting point for directory server searches.

    Distinguished Names are in the X.500 Directory Services format of Domain Components (DC). To convert a domain name to Domain Components, split the domain name at the period, and create a dc= entry for each part. For example, for the domain vorlon.com, the DN would be dc=vorlon,dc=com.

  8. In the Domain names section, click on the Add new domain name link.
  9. In the Domain name field, type the domain name controlled by your local domain controller and click on the Add button.

  10. In the Domain controllers (DC) field, click on the Add new Domain Controller link.
  11. In the Host and Port fields, enter the IP address of your domain controller and the port number, and then click on the Add button.

    The typical port numbers are 389 for non-encrypted connections and 636 for SSL/TLS connections. If you want to use SSL/TLS connections to connect to your domain controllers, select the Use SSL checkbox below.

    Note: There are two standards of SSL/TLS connections with LDAP, LDAPS (LDAP over SSL) and STARTTLS (LDAP over TLS). Portnox Cloud uses the LDAPS (LDAP over SSL) standard.
  12. Click on the Save button below to save your configuration.
  13. Create credentials to access Portnox Cloud from external services.
    Note: Skip this step, if you already created the credentials for another purpose earlier.
    1. In the Portnox Cloud left-hand menu, click on the SERVICES tile.

    2. Click on the CLEAR GENERAL SETTINGS heading to expand the section.

    3. Scroll down to the CREATE CREDENTIALS TO ACCESS THE CLEAR CLOUD SERVICE FROM EXTERNAL SERVICES heading, and then click on the Generate Credentials link.

    4. Check your email. You will receive the credentials by email.

      Note: Preferably, check the email on the device where you will be installing the broker or copy the information from the email to a file on that device.
  14. Download, install, and configure the Portnox Active Directory Broker software.
    Note: The Portnox Active Directory Broker is available for Windows only.
    1. Switch to the device or virtual machine where you will install the broker.
    2. Log in to Portnox Cloud and go to the Settings > AUTHENTICATION REPOSITORIES screen.
    3. In the DIRECTORY INTEGRATION SERVICE section, scroll down to the DOWNLOAD PORTNOX CLEAR DIRECTORY BROKER section, and click on the Download link.

    4. Run the broker installation file PortnoxADBroker.exe and click on the Next button.

    5. Paste the credentials from the email received earlier into the fields in the broker installation window and click on the Next button.

    6. Input the credentials for a domain controller user account and click on the Next button.
      Note: These are credentials for a user account that exists in your domain controller, not in Portnox Cloud. For security, we recommend that you create a separate user in your domain controller, who only has read access and is only used by the broker.

    7. After the installation completes, click on the Finish button.
  15. Optional: If you want to configure your Active Directory or OpenLDAP integration or set additional options, read the following topic: Edit your AD/OpenLDAP integration.

Result: You can authenticate devices on your network using your local Active Directory.

For troubleshooting, see the following FAQ topic: How to check if the AD Broker connects to the cloud