Active Directory Integration with AuthNull

Introduction

Active Directory (AD) is a Microsoft technology used to manage computers and other devices on a network. Integrating Active Directory with AuthNull allows organizations to utilize AD credentials for endpoint authentication. When a user is onboarded into the AuthNull platform, they are automatically provided with a Decentralized Identifier (DID) and an Active Directory Verifiable Credential (AD VC) is sent to their wallet.


How Active Directory Integration Works

The AuthNull Active Directory Agent serves as a secure connector between AuthNull and your Active Directory domain. This bridge gives AuthNull user import and delegated authentication capabilities, which streamlines access management and strengthens your privileged access management strategy.

Prerequisites

  • An active AuthNull administrator account.
  • Access to your Active Directory domain with appropriate permissions.

Registration and Configuration

Navigating to Active Directory Integration: Log in to the AuthNull dashboard using your administrator credentials and navigate to the ‘Directory’ section. Then, select ‘Active Directory’.


Registering the Active Directory Agent: Look for the ‘Add Directory’ option in the top right and click to initiate the registration process.


Entering Domain Details: Provide your Active Directory domain name and server address.


Configuring Synchronization Settings: Obtain the configuration settings (a config file).


Download and execute a PowerShell script on a machine close to the Active Directory domain controller: Run the agent on a machine close to the domain controller so that it can synchronize the users and groups from Active Directory.


Execute the command “./ad-agent-install.ps1 -OutputPath C:\authull”


The script then installs the AD agent.


Copy the configuration and paste it when the script prompts for it.


The script then saves the configuration file.


Validate Active Directory users: Validate the imported Active Directory users by looking at the users list in the “Directory” tab of AuthNull.


The Active Directory agent does the following:

  • Discovers all privileged accounts
  • Discovers all policies based on privileged accounts
  • Discovers all authentication that is happening
  • Enables password rotations for credentials based on password policy
  • Enables password rotations for users who are checked out, on a per-policy basis
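
To support the user validation step and the privileged-account discovery listed above, the following added example (not AuthNull code) builds an AD-side baseline you can compare with the “Directory” tab. It assumes the RSAT ActiveDirectory module and read access to the domain; the function name and the ImportedListPath file (one sAMAccountName per line, copied by hand from the AuthNull user list) are hypothetical.

```powershell
# Added example, not part of the AuthNull agent or its installer.
# Assumes the RSAT ActiveDirectory module and an account with read access.
Import-Module ActiveDirectory

function Get-AdSyncBaseline {
    param(
        [string]$Server,           # optional: domain controller to query
        [string]$ImportedListPath  # hypothetical: text file, one sAMAccountName
                                   # per line, copied from the "Directory" tab
    )
    $target = @{}
    if ($Server) { $target['Server'] = $Server }

    # Enabled accounts and all groups: the objects expected after synchronization.
    $users  = @(Get-ADUser -Filter 'Enabled -eq $true' -Properties adminCount, PasswordLastSet, LastLogonDate @target)
    $groups = @(Get-ADGroup -Filter * @target)

    # adminCount = 1 marks accounts that are, or once were, members of a
    # protected (privileged) group; check these first against what the agent found.
    $privileged = @($users | Where-Object { $_.adminCount -eq 1 })

    $missing = @()
    if ($ImportedListPath) {
        $imported = @(Get-Content -Path $ImportedListPath |
            ForEach-Object { $_.Trim() } | Where-Object { $_ })
        # Accounts enabled in AD but absent from the imported list
        # (-notcontains compares case-insensitively).
        $missing = @($users |
            Where-Object { $imported -notcontains $_.SamAccountName } |
            Select-Object -ExpandProperty SamAccountName)
    }

    [pscustomobject]@{
        EnabledUsers      = $users.Count
        Groups            = $groups.Count
        PrivilegedUsers   = $privileged | Select-Object SamAccountName, PasswordLastSet, LastLogonDate
        MissingFromImport = $missing
    }
}

$baseline = Get-AdSyncBaseline
$baseline | Format-List EnabledUsers, Groups, MissingFromImport
# Oldest passwords first: candidates to confirm once rotation is enabled.
$baseline.PrivilegedUsers | Sort-Object PasswordLastSet | Format-Table -AutoSize
```

Run it from the same machine as the agent so both see the same domain controller; pass -ImportedListPath to list accounts that did not appear after synchronization.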

Authenticating into an Endpoint

When users attempt to log into the endpoint using their AD username, the wallet shares the AD VC for authentication.


Users can:

  • Accept the “Share credential” request from their wallet to authenticate, or
  • Decline to reject the authentication request.
