Active Directory is Microsoft’s primary authentication service, widely used in enterprise organizations and even via Microsoft’s cloud services. Active Directory also supports the LDAP protocol (which Morpheus can integrate with as well), but the main Active Directory integration can be used instead. It is even possible to map Active Directory groups to equivalent Roles within Morpheus.
NOTE: To use Active Directory, a valid, trusted SSL certificate must be in place on the Active Directory services (a self-signed certificate will not work).
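The certificate requirement in the NOTE above can be checked before the identity source is added. The script below is an added example, not part of Morpheus or its documentation. It assumes the AD server is reached over LDAPS on port 636, that the trust store of the machine running it matches what the Morpheus appliance trusts, and uses `dc01.example.com` as a placeholder hostname.

```python
import socket
import ssl
import sys

# OpenSSL X.509 verification codes most relevant to this requirement.
VERIFY_REASONS = {
    9: "certificate is not yet valid",
    10: "certificate has expired",
    18: "self-signed certificate (not accepted by the integration)",
    19: "self-signed certificate in the chain (private root not in trust store)",
    20: "issuer not found in the local trust store",
    21: "leaf signature cannot be verified (incomplete chain)",
    62: "certificate does not match the AD Server hostname",
}


def explain(verify_code):
    """Translate an OpenSSL verify code into an actionable reason."""
    return VERIFY_REASONS.get(verify_code, f"verification failed (OpenSSL code {verify_code})")


def check_ad_certificate(host, port=636, timeout=5.0, context=None):
    """Return (trusted, detail) for the certificate presented at host:port.

    Uses the local system trust store unless a context is supplied.
    Port 636 (LDAPS) is an assumption; pass the port your integration uses.
    """
    ctx = context or ssl.create_default_context()  # verifies chain + hostname
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                cert = tls.getpeercert()
                return True, f"trusted; valid until {cert.get('notAfter')}"
    except ssl.SSLCertVerificationError as exc:
        return False, explain(exc.verify_code)
    except ssl.SSLError as exc:
        return False, f"TLS handshake failed: {exc.reason}"
    except OSError as exc:
        return False, f"cannot connect: {exc}"


if __name__ == "__main__":
    # dc01.example.com is a placeholder; pass the value you will enter as AD Server.
    target = sys.argv[1] if len(sys.argv) > 1 else "dc01.example.com"
    ok, detail = check_ad_certificate(target)
    print(f"{target}: {'OK' if ok else 'FAIL'} - {detail}")
    sys.exit(0 if ok else 1)
```

Run it with the same value that will go into the AD Server field, since hostname matching is done against exactly that string.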
Adding an Active Directory integration
- Navigate to Admin -> Accounts
- Select an Account
- Select Identity Sources
- Select + Identity Source
- Choose "Active Directory"
The following fields are important for integrating Active Directory:
Name: Unique name for authentication type.
AD Server: Hostname or IP address of AD Server.
Domain: Domain name of AD Domain.
Binding Username: Service account username for bind user.
Binding Password: Password for bind service account.
Required Group: The AD group users must be in to have access (optional).
Default Role: The role a user is assigned when none of the user's AD groups maps to a role under the Role Mappings section.
Service Account Holder: This is the admin account type in Morpheus. An AD group can be created and populated with the users who should be assigned this role. Roles are assigned dynamically based on group membership.
Users can now log in to the UI with their Active Directory username.
NOTE: Only the username and password are required to log in, not username@domain.