Active Directory Enhanced - Legacy Authentication Methods - Foundation 23.1 - Foundation 23.1 - Ready - OnBase - Essential - Premier - Standard - external - Standard - Essential - Premier

Legacy Authentication Methods

Platform
OnBase
Product
Legacy Authentication Methods
Release
Foundation 23.1
License
Standard
Essential
Premier

Active Directory - Enhanced is a Windows-based integrated security method that provides control over domain group mapping. OnBase user rights are granted to the user based on the rights granted to the OnBase User Groups that the user's account or Active Directory group is mapped to. An Active Directory user or group can be mapped to one or more OnBase User Groups, and OnBase User Groups can be mapped to one or more Active Directory groups or users. This method can be configured to allow users to log in to OnBase automatically based on the credentials supplied when they logged in to their workstation, or to be prompted for those login credentials when accessing OnBase.

An Active Directory user or group can be mapped to one or more OnBase User Groups, and OnBase User Groups can be mapped to one or more Active Directory groups or users. Group mapping and user authentication is achieved using the Active Directory Security ID (SID) of the group and user logging in, so name matching is not required with Active Directory Enhanced. This also allows OnBase to support multiple domains that may have different users with the same user name.

Note:

The Active Directory Enhanced authentication scheme configured under Directory Service Authentication is different from Active Directory Federation Services (AD FS). For details on configuring OnBase to use AD FS, see .

To authenticate users using Active Directory Enhanced, select Active Directory - Enhanced in the Directory Service Authentication dialog box, then click the Settings button. The Active Directory - Enhanced dialog box is displayed.

CAUTION:

Setting your OnBase system to use Active Directory Enhanced security cannot be undone.

  • The Configured Active Directory Domains pane in the upper left of the dialog box lists the Active Directory domains available for mapping.

    Tip:

    The default view is a flattened list with user membership under each group. To view the domains in a standard Active Directory hierarchy, right click in the Configured Active Directory Domains pane and select View > Organizational Unit (OU) View from the right-click menu. The Active Directory - Enhanced dialog box will display the most recently used view the next time it is accessed.

    Disabled domains are visually represented in the Configured Active Directory Domains pane by a dark screen on the icon, as shown beside A in the following illustration. B represents an enabled domain.

  • The upper right pane of the dialog box lists the OnBase User Groups available for mapping.

  • The Evaluation Results pane in the lower left of the dialog box displays the results when an Active Directory user or group is evaluated for authentication.

  • The Options pane in the lower right provides for the configuration of additional options that can be applied to Active Directory authentication.