Configure AD Authentication

To enable AD authentication you must configure the security.propertiesfile and Login Policy. The task below starts with the configuration of the security.properties file; however, you may configure the Login Policy prior to.

  1. Open the application’s security.properties file.

    The default location is C://Program Files > “Application Name”> configuration > security.properties

  2. In security.profiles=SECURITY-WEB1, enter the security profile for AD; for example: security.profiles=SECURITY-WEB-AD.
  3. Optional - To identify multiple profiles enter the desired security profiles; for example:security.profiles=SECURITY-WEB-AD,SECURITY-KERBEROS,SECURITY-WEB

    Note no space after the comma and be sure to set all applicable settings when entering multiple security profiles.

  4. In security.ad.domain, enter your company’s domain name, for example, Kronos.com.
  5. In security.ad.server, enter the address of the active directory server.
  6. Save the file to confirm your settings.
  7. Stop and Restart the application to initiate your new settings.
  8. Go to: Setup > Login Policy to create a new Login Policy.
  9. Click Add, to create a new Login Policy or click an existing Login Policy to edit.
  10. In Active Directory/LDAP, select the check box Authenticate via Active Directory/LDAP.
  11. Click Save.
  12. Assign this login policy to personnel who will be using AD/LDAP authentication.

    Important: Be sure the person’s Login ID or User ID match those of the external provider. For example, if the AD Login ID is set to use the username without the domain prefix or suffix extension and the person’s domain login ID is John.Doe@kronos.com, then their Login ID for this application will be will be: “John.Doe”.

AD Sample Settings

security.ad.domain=eng.int.kronos.com
security.ad.server=ldap://dcen01-wlt.eng.int.kronos.com/
1 The default security.profiles is SECURITY-WEB.