...
This page describes how to integrate PhixFlow with Active Directory:
...
Create domain reference
To create a reference to a domain, update the section in the example file:
...
For example, if this domain will be referred to as corporate, update this to (remembering to remove the surrounding comment):
<!-- Template of a authentication-provider -->
<security:authentication-provider ref="corporate" />
Add connection details
Simple connection
The simplest type of connection is illustrated below, referencing a single AD server.
Update the section in the example file:
...
PhixFlow Active Directory Setup
System Configuration
Go to the Active Directory tab in the System Configuration window.
There are two fields to configure:
...
local
narnia.local
...
A semicolon-separated list of the names of the Active Directory groups authorized to use this instance of PhixFlow. There must be no spaces between the groups listed, just semicolons. Use {instance} to include the PhixFlow instance name (this is set up in System Configuration).
Note that these groups do not have to be mapped to any of the PhixFlow User Groups (see below), although they can be if you wish.
...
PHIXFLOW_ADMINS;PHIXFLOW_USERS_{instance}
With the given configuration, assuming the instance name is ‘LIVE’, members of the following Active Directory groups will be authorized to log in to this PhixFlow instance:
- PHIXFLOW_ADMINS
- PHIXFLOW_USERS_LIVE
User Groups
When Active Directory users log into PhixFlow, their Active Directory groups are mapped to PhixFlow User Groups. You can set up this mapping by specifying an Active Directory Group in a PhixFlow User Group. When an AD user in that Active Directory group logs into PhixFlow, they will be put into that PhixFlow User Group. You do not need to map all of a user's Active Directory Groups to PhixFlow User Groups. For each user, any Active Directory groups that are not mapped are simply ignored.
The mapping is configured in the field Active Directory Group in the user group configuration form.
You can use {instance} to include the PhixFlow instance name.
With the given configuration, assuming the instance name is ‘LIVE’, members of the Active Directory group ‘PHIXFLOW_USERS_LIVE’ will be members of the ‘Designers’ PhixFlow User Group.
Active Directory users appear on the Group Members list. There is a new column which indicates whether the user is a local user or an Active Directory user. Only local users can be added to or removed from the list.
User Details
When editing an Active Directory user, some fields are hidden and the login name cannot be changed. The domain of the user is shown in the header of the editor.
Logging in as an Active Directory user
There is a new Domain field on the PhixFlow login screen. Its default value is set in System Configuration (see above).
To log in, users must select the domain they need. If this is not the default, they can select one from the drop-down list, which shows all configured domains.
After choosing a domain, the suffix will be added to the username automatically.
When logging in as an Active Directory user, the user must use their Active Directory password, which cannot be changed through PhixFlow.
If the Active Directory user is not a member of an Active Directory group authorised to use PhixFlow (see above), they will get a standard login failure message.
If the user is in an Active Directory Group authorised to use PhixFlow, but none of their Active Directory groups are mapped to PhixFlow user groups, they will be able to successfully log in, but will have no access.
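The rules above (the authorised groups list, {instance} substitution, the User Group mapping and the three login outcomes) can be modelled to check a planned configuration before rollout. This is an added Python example, not PhixFlow code; the function names, outcome labels and exact-string comparison of group names are assumptions.

```python
# Added illustration: a model of the rules described on this page, not PhixFlow code.
# Assumption: group names are compared as exact strings.

def expand(name, instance):
    """Substitute the {instance} placeholder with the PhixFlow instance name."""
    return name.replace("{instance}", instance)

def parse_authorised_groups(setting, instance):
    """Split the semicolon-separated setting; reject stray spaces around names."""
    groups = []
    for raw in setting.split(";"):
        if raw != raw.strip():
            raise ValueError(f"space around group name {raw!r}: use semicolons only")
        if raw:
            groups.append(expand(raw, instance))
    return groups

def login_outcome(user_ad_groups, authorised_setting, group_mapping, instance):
    """Return (outcome, phixflow_groups) for an AD user with a correct password.

    group_mapping: PhixFlow User Group -> value of its Active Directory Group field.
    """
    authorised = set(parse_authorised_groups(authorised_setting, instance))
    member_of = set(user_ad_groups)
    if not (member_of & authorised):
        return "login-failed", []
    mapped = sorted(pf for pf, ad in group_mapping.items()
                    if expand(ad, instance) in member_of)
    # Unmapped AD groups are ignored; with no mapping the user logs in with no access.
    return ("logged-in" if mapped else "logged-in-no-access"), mapped

# Constructed sample data, following the page's examples.
SETTING = "PHIXFLOW_ADMINS;PHIXFLOW_USERS_{instance}"
MAPPING = {"Designers": "PHIXFLOW_USERS_{instance}"}

if __name__ == "__main__":
    for groups in (["PHIXFLOW_USERS_LIVE", "Finance"], ["PHIXFLOW_ADMINS"], ["Finance"]):
        print(groups, "->", login_outcome(groups, SETTING, MAPPING, "LIVE"))
```

Running it against each planned AD group combination shows which accounts would authenticate but end up with no access because no User Group maps their groups.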
...
log4j.logger.org.springframework.security=debug
...