Login - Active Directory Configuration

PhixFlow supports multiple modes of authenticating users. Users can be authenticated with local credentials, with native Active Directory credentials, or by using SAML to authenticate with Active Directory or other services, such as Okta.

| Property | Requires Configuration | Default Value | Explanation |
|---|---|---|---|
| login.activeDirectory.enabled | Often | false | Whether Active Directory integration is enabled. |
| login.activeDirectory.domain | Often | http://example.com | The domain being logged into. |
| login.activeDirectory.alternativeDomain | Rarely | http://example2.com | If a user is not found in Active Directory with the primary domain (login.activeDirectory.domain), the alternative domain is tried. |
| login.activeDirectory.url | Often | ldaps://ldap.example.com | Space-separated list of domain LDAP servers. |
| login.activeDirectory.dn | Often | ou=user accounts,dc=example,dc=com | If you have a large AD tree, searches may take some time, which can lead to slow authentication for users. You can therefore specify a root DN (Distinguished Name) at which PhixFlow will begin searching for the user. The Distinguished Name format is standard and further details can be found on the web. |
| login.activeDirectory.timeout | Rarely | 5000 | The timeout, in milliseconds. For each server specified, if the server does not respond within the timeout, PhixFlow tries the next server. If the last server in the list times out, the authentication fails. |
| login.activeDirectory.authenticationOnly | Occasionally | false | If this is true, Active Directory is used for authentication when logging in, but not authorisation. This is a mixed user. The user must be configured in PhixFlow before logging in and user groups must be configured for the user. External groups will not be used to determine access rights. |