After you have successfully configured Active Directory, you can reconfigure it. This will wipe out the current Active Directory settings and start a new configuration.

  1. Log in to the Cryptographic Security Platform Compliance Manager webGUI with your standard account credentials.

  2. In the side menu bar, select Settings.

  3. Click the Authentication tab.
  4. On the Authentication tab, click Manage under Active Directory.
  5. In the Authentication > Manage Active Directory section, click Reconfigure AD Now.
  6. In the Details section, enter the following: 

    | Field | Description |
    | --- | --- |
    | Configuration Method | Choose whether to use Automatic or Manual configuration. |
    | Domain Name | The Domain name to use for account authentication. |
    | Security | Choose None or SSL. |
    | Service Account | The AD account that the tenant should use when logging into the AD server. |
    | Service Account Password | The password for the Service Account. |

  7. Click Next.
  8. If you selected Automatic configuration, do the following: 

    1. In the Domains section, verify the domain that you want to use. The default domain is displayed with a star icon.

      Important: Cryptographic Security Platform Compliance Manager automatically adds all of the discovered domain controllers and global catalogs, starting with the closest. If there are many of them, they are added in the background. If the domain that you want to use is not visible and you do not want to wait, we recommend that you complete the configuration process and then edit your AD configuration later.

    2. Click Next and proceed to step 10.

  9. If you selected Manual configuration, do the following: 

    1. In the Domains section, click the Edit icon to add at least one domain controller and global catalog.

    2. Click Add Domain Controller in the Edit Domain bar.

    3. In the Add Domain Controller section, complete the following:  

      | Field | Description |
      | --- | --- |
      | Name | Enter the name of the domain controller. |
      | Port | Enter the port number for the domain controller. |
      | User Search Context (Base DN) | Enter the Distinguished Name (DN) of the node where the search for users should start. For performance reasons, the base DN should be as specific as possible. For example, dc=ldapserver,dc=com. |
      | Group Search Context (Base DN) | The Distinguished Name (DN) of the node where the search for Security groups should start. This option applies to AD Security groups being associated with a Cloud Admin Group. |

    4. Click Add Global Catalog in the Edit Domain bar.

    5. In the Add Global Catalog section, complete the following:  

      | Field | Description |
      | --- | --- |
      | Name | Enter the name of the global catalog. |
      | Port | Enter the port number for the global catalog. |
      | User Search Context (Base DN) | Enter the Distinguished Name (DN) of the node where the search for users should start. For performance reasons, the base DN should be as specific as possible. For example, dc=ldapserver,dc=com. |
      | Group Search Context (Base DN) | The Distinguished Name (DN) of the node where the search for Security groups should start. This option applies to AD Security groups being associated with a Cloud Admin Group. |

    6. Click Update.

    7. Click Next.

  10. In the Administrator section, enter the following: 

    | Field | Description |
    | --- | --- |
    | Domain | Enter the name of the domain. |
    | User | Enter the name of the Active Directory user. |

  11. If you are using SSL for security, click Next. If not, proceed to step 13.

  12. In the Certificates section, check the Approve All Certificates checkbox. This will automatically approve all of the certificates in the domain controllers. Approving a certificate will download and approve all related certificates.

  13. Click Complete.

You are logged out of the Cryptographic Security Platform Compliance Manager webGUI and can log back in with your AD credentials.