Note: Please select Windows Server 2016 Active Directory to pair with the Demo presentation as this AD integration is developed and tested mainly based on Win Server 2016 AD. Although it should be compatible with 2012 and 2008 Active Directory, verify needed.
1. Add Ad Server
First things first, you will need to authenticate an AD server in order to later authenticate an AD user or AD groups to use Splashtop service.
Please log into your System owner account, go to System tab, and click Add AD Server:
- Name: Fill up an AD Server name concatenated to the actual AD server of your company.
- LDAP URL Format: ldap://onpremise.corp <- As shown in below picture we have established an AD domain called onpremise.corp beforehand. The format thus including ldap scheme (ldap://) + implied address (onpremise.corp)+port number ( if needed). LDAPS is supported as well in current version of Gateway.
- Base DN: AD server’s distinguished name. To copy and paste the Distinguished Name of any AD object, you would like to go to View tab in Active Directory Users and Computers on Windows 2016, select Advanced Features, then right click on the target object that you want to get the distinguished name from, select Attribute Editor, double click on distinguishedName attribute to copy the parameters. Then you can simply paste the distinguished name to Gateway side.
- Account: Any valid AD user account helps to prove the relevance of an AD server. Format follows MSAD epic SAM-Account-Name.
- Password: The AD password of associated AD user account.
- Test Connection: Press this button to check the availability of desired AD server for authentication.
- Add: Press this button to add a validated AD server to the server list.
2. Add AD user or AD group
Once an AD server has been successfully authenticated, it would appear to AD server list in System- Active Directory tab. Now navigate to Management tab – Users, click on Add AD User button on the top.
- User Type: By selecting AD user, an AD individual user will be authenticated and added to Enterprise Gateway. Selecting AD group allows bulk authentication of its AD group members.
- AD Server Choice: Select the AD server which contains the target AD user or group.
- Account: Fill up the SAM-Account-Name of desired AD user or group.
- Group: Chose the initial group an AD user or AD group will fall into once added.
- Role: Chose Admin or Member to assign different access permission tailored to needs.
- Verify: Check the availability of desired AD user or group for authentication.
- OK: Add a validated AD user or group to the target group.
3. AD Group Members
Green user icon represents AD users or AD groups as shown in the below screenshot below. If an AD group has been added to Enterprise Gateway, its associated AD members would be authenticated automatically and able to log into Enterprise endpoints. The bulk authentication members can be manipulated on fixed location called AD Group Members. The AD users in AD Group Members will be showed up after log into endpoints with his/her AD account at least once. By contrast, an AD individual user added to Gateway will be displayed and modified property immediately. The user role and access permission of AD Group members cannot be modified like other types of user.
All successfully authenticated AD users can use their AD credentials to log in Enterprise endpoints and start to use Splashtop remote services.