
Domain

2019-11-15

Description

 

The domain is used to authenticate the user. This is the most secure and flexible option, and the easiest to manage: there is no need to sync users between the domain and Devolutions Password Server. On first use of the Devolutions Password Server data source, the user is created and given access rights according to their role in the organization as defined on the domain. You simply need to grant appropriate permissions to your roles in Devolutions Password Server. Upon authentication, we validate the AD groups to which the user belongs, and for each group that has a corresponding role we grant that role's permissions to the user.

 

Authentication - Configure Domain


 

Settings

 

Domain Authentication

OPTION

DESCRIPTION

Domain

Specify the remote computer domain name.

Container


Administration credentials

Add the credentials of a domain or service account to access the Active Directory forest and obtain user account information through LDAP queries. This is needed when the server hosting the instance is not located on the domain. This account needs to be a member of the Account Operators AD group in order to have enough permissions to retrieve user account information and group memberships.

Allow logins using email address

Allow users to use their email address to connect to the Devolutions Password Server instance. The email address field must be filled in under User Management.

 

LDAPS

OPTION

DESCRIPTION

Enable LDAPS

Enable LDAP over SSL communication.

Port

Default: LDAPS default communication port.

Custom: Set a specific port value.

 

Multi Domain (Disabled)


The Multi Domain feature requires the Devolutions Password Server Platinum Edition license. Currently, it only works with trusted domains that belong to the same AD forest.

 

OPTION

DESCRIPTION

Multi domain

Enable the Multi domain feature.

Trusted domains

Add your trusted domains.

 

Automatic User Creation

OPTION

DESCRIPTION

Auto create domain users in database

Automatically create the domain user account in the database on the first login attempt.

Create read-only user

When this option is enabled, the user account will be created as a Read only user type account.

Default Vault

Gives the user access to that Vault.

Only from this AD group

Automatically creates the user only if they are a member of this AD group.

Username Format

Select the username format that will be created in the database.

UPN: The user will be created using the UPN format, e.g. bill@windjammer.loc.

NetBios: The user will be created using the NetBios format, e.g. WINDJAMMER\bill.

Username: The user will be created using the SAM account name.
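
The first-login flow from the Description and the Automatic User Creation options above, modeled as an added example (this is not Devolutions Password Server code). The `AutoCreate` and `first_login` names, the role and permission names and the sample directory record are constructed for illustration, and matching AD group names to role names case-insensitively is an assumption.

```python
# Added illustration: a model of the documented behaviour, not product code.
from dataclasses import dataclass
from typing import Optional

@dataclass
class AutoCreate:                      # hypothetical names for the options above
    enabled: bool = True               # "Auto create domain users in database"
    read_only: bool = False            # "Create read-only user"
    only_from_group: Optional[str] = None   # "Only from this AD group"
    username_format: str = "UPN"       # "UPN", "NetBios" or "Username"

# Constructed sample data: directory record and role-to-permission mapping.
SAMPLE_USER = {"sam": "bill", "upn": "bill@windjammer.loc", "netbios": "WINDJAMMER",
               "groups": ["Domain Users", "dps-users", "DPS-Helpdesk"]}
SAMPLE_ROLES = {"DPS-Helpdesk": ["view_entries"],
                "DPS-Admins": ["manage_users", "view_entries"]}

def format_username(user, fmt):
    if fmt == "UPN":
        return user["upn"]
    if fmt == "NetBios":
        return f'{user["netbios"]}\\{user["sam"]}'
    if fmt == "Username":
        return user["sam"]              # SAM account name
    raise ValueError(f"unknown username format: {fmt!r}")

def first_login(user, settings, roles):
    """Return the account created on first login, or None when creation is refused."""
    groups = {g.casefold() for g in user["groups"]}   # assumption: case-insensitive match
    if not settings.enabled:
        return None
    gate = settings.only_from_group
    if gate is not None and gate.casefold() not in groups:
        return None                     # user is outside the gating AD group
    granted = set()
    for role, perms in roles.items():   # only groups with a corresponding role count
        if role.casefold() in groups:
            granted.update(perms)
    return {"username": format_username(user, settings.username_format),
            "read_only": settings.read_only,
            "permissions": sorted(granted)}

if __name__ == "__main__":
    print(first_login(SAMPLE_USER, AutoCreate(only_from_group="DPS-Users"), SAMPLE_ROLES))
```

In this model, an account that is created with an empty permissions list means none of the user's AD groups has a corresponding role.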

 

Domain Users and Roles Cache

OPTION

DESCRIPTION

Enable domain cache feature

Activate the domain cache feature.

Update users and groups data every:

Set the interval, in hours and minutes, at which the Domain Users and Roles Cache is refreshed. When enabled, the default value is 30 minutes.