To authenticate users, the PK Protect host machine must have access to a directory service. This could be your company's enterprise directory service, or it could be a dedicated directory service created specifically for PK Protect users.
PK Protect users log into the application using the credentials specified in the directory server, and the DSM Administrator connects to the server and verifies that the user credentials are valid. After this initial authentication, PK Protect applies any restrictions associated with the user's role.
You can specify one directory service during installation, and you can switch to another by modifying the connection information. Before switching to a new directory server, you should confirm that all PK Protect users listed on the Admin User Management screen are also listed in the directory server.
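The pre-switch check recommended above can be scripted. The following is an added example, not PK Protect code: it compares a list of PK Protect user names against an LDIF export of the new directory and reports the names that are missing. The user list, the LDIF sample, and the function names are constructed for illustration, and it assumes the login attribute is sAMAccountName.

```python
import base64

def parse_ldif_attr(ldif_text, attr):
    """Return the lower-cased values of `attr` found in LDIF text (RFC 2849)."""
    lines = []
    for raw in ldif_text.splitlines():
        # A line that starts with a single space continues the previous line.
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    values = set()
    for line in lines:
        if line.startswith("#"):
            continue  # LDIF comment
        name, sep, rest = line.partition(":")
        if not sep or name.lower() != attr.lower():
            continue
        if rest.startswith("<"):
            continue  # "attr:< url" points at external data; not resolved here
        if rest.startswith(":"):
            # "attr:: value" carries a base64-encoded value
            value = base64.b64decode(rest[1:].strip()).decode("utf-8")
        else:
            value = rest.strip()
        values.add(value.lower())
    return values

def missing_from_directory(pk_users, ldif_text, login_attr="sAMAccountName"):
    """Return PK Protect user names with no matching entry in the directory export."""
    directory = parse_ldif_attr(ldif_text, login_attr)
    wanted = {u.strip() for u in pk_users if u.strip()}
    # Compared case-insensitively, as Active Directory does for sAMAccountName.
    return sorted(u for u in wanted if u.lower() not in directory)

# Constructed sample data (not from a real directory).
SAMPLE_PK_USERS = ["AAdmin", "bbuilder", "cjones", "dsmith"]
SAMPLE_LDIF = (
    "dn: CN=Alice Admin,OU=Users,dc=mydomain,dc=com\n"
    "sAMAccountName: aadmin\n\n"
    "dn: CN=Bob Builder,OU=Users,dc=mydomain,dc=com\n"
    "sAMAccountName:: YmJ1aWxkZXI=\n\n"
    "dn: CN=Carol Jones,OU=Users,dc=mydomain,dc=com\n"
    "sAMAccountName: cjo\n nes\n"
)

if __name__ == "__main__":
    for user in missing_from_directory(SAMPLE_PK_USERS, SAMPLE_LDIF):
        print("not found in new directory:", user)
```

Any name the script reports should be created in the new directory, or removed from PK Protect, before the connection information is changed.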
If you have installed the build using DB Authentication, you can switch to any other directory type using the authentication screen, but once you have switched to another directory type, you cannot move back to DB Authentication.
Perform the following steps to modify the directory service.
Click Authentication in the left side pane.
The Authentication Service Management screen will appear.
The fields are described below:
Directory Type: Select the directory type from the dropdown. The options are displayed below:
Directory Name: Specify the directory name.
*Note: This field is visible only for the Azure AD and DB Authentication directory types.
Protocol: Select ldap or ldaps as the protocol.
Primary Server Details: Specify the Server and Port No for the primary server.
Secondary Server Details: Specify the Server and Port No for the secondary server (backup server).
Domain/Tenant: Specify the domain.
Base DN: Specify the base path to AD. For example, dc=mydomain, dc=com.
Application Id: Specify the Id of the application created in Azure.
*Note: This field is visible only for the Azure AD directory type.
User DN/Principal Name: Specify the distinguished name or the principal name of the user.
Password: Enter the user login password.
Group User’s Login Attribute: Specify the attribute holding the name of a group. For example, sAMAccountName, CN, SN, etc.
Use as Default: Select this checkbox to set the domain as the default domain.
Click Test to authenticate the user.
When Active Directory is the directory service, PK Protect supports the use of multiple domains. One domain is set when PK Protect is initially configured. To use multiple domains, navigate to the Authentication screen in Admin after initial configuration and enter the details of the domain to be added.