
How do I configure FrontDoor to pull users from Active Directory?

Applies to

  • FrontDoor 6.1+

Answer

This article is for Pros Only. We will not explain concepts of Lightweight Directory Access Protocols or Active Directory. Since configuration is occurring within your Active Directory system, Tightrope Support is unable to provide direct support of this process, only direction.

This integration lets you control, from your domain controller, who can log into Carousel. Active Directory provides general control over who can log into the system, and FrontDoor lets you refine that control further with our role-based permissions system.

We use ASP.NET forms-based authentication with custom Active Directory authentication in the background, instead of IIS’s built-in NT Integrated Authentication. We do this because IIS Integrated Authentication only works if you are using Internet Explorer on a Windows machine. With forms-based authentication we can still use the domain to authenticate users, while remaining compatible with all web browsers and platforms. Since forms-based authentication uses cleartext passwords, to increase security you can install an SSL certificate on the web server and run HTTPS.

Active Directory integrations are only supported on Windows Server operating systems, though they may still be possible on lower editions of Windows.

  1. Join the Carousel Server to the domain.
  2. Run the IIS AppPool for all sites as an account that can query the domain controller.
  3. Create Active Directory groups. (The names are hard-coded and must match in spelling and capitalization.)
    1. TRMS_Users
    2. TRMS_Admins
  4. All users who need to log in will need to be a member of TRMS_Users. Those who should be granted full administrator rights should be members of both.
  5. Modify the C:\TRMS\Configuration\connectionStrings.config file with the correct LDAP server.
  6. Modify the C:\TRMS\Configuration\membership.config file.
    1. Change the defaultProvider to ADMembershipProvider.
    2. Uncomment the entry for ADMembershipProvider by removing the <!-- and --> entries.
    3. Enter the user name and password, or remove those entries to use the IIS AppPool credentials.
  7. Attempt to log in to FrontDoor using an Active Directory account.

Additional Information

When FrontDoor authenticates using Active Directory it enumerates all the users in the TRMS_Users and TRMS_Admins groups. There are several fields that FrontDoor requires to be set on all of the users. If you experience problems with Active Directory integration, ensure that all the users have the fields below populated:

  • DistinguishedName
  • UserPrincipalName
  • GivenName
  • SN

FrontDoor pulls the user’s first name and last name from Active Directory using the givenName and sn fields. All users in the TRMS_Users and TRMS_Admins Active Directory groups must have both fields populated.
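To check these fields before a login attempt, the following PowerShell audit is an added example, not Tightrope's code. It assumes the RSAT ActiveDirectory module for the live query and otherwise runs on constructed sample accounts; the function names Get-FrontDoorUserIssue, Get-GroupUser and New-Sample are hypothetical. It also flags members of TRMS_Admins that are missing from TRMS_Users, per step 4.

```powershell
# Added example, not Tightrope code. Function names are hypothetical.
$RequiredFields = 'DistinguishedName', 'UserPrincipalName', 'GivenName', 'SN'

function Get-FrontDoorUserIssue {
    param([object[]]$Users, [object[]]$Admins)
    $userNames = @($Users | Where-Object { $_ } | ForEach-Object { $_.SamAccountName })
    $seen = @{}
    foreach ($account in @($Users) + @($Admins)) {
        if (-not $account -or $seen.ContainsKey($account.SamAccountName)) { continue }
        $seen[$account.SamAccountName] = $true
        $issues = @()
        foreach ($field in $RequiredFields) {
            if ([string]::IsNullOrWhiteSpace([string]$account.$field)) { $issues += "missing $field" }
        }
        # Step 4: administrators must be members of both groups.
        if ($account.SamAccountName -notin $userNames) {
            $issues += 'in TRMS_Admins but not in TRMS_Users'
        }
        if ($issues.Count -gt 0) {
            [pscustomobject]@{ Account = $account.SamAccountName; Issues = $issues -join '; ' }
        }
    }
}

# Direct user members only; whether FrontDoor follows nested groups is not
# stated in the article, so nested groups are not expanded here.
function Get-GroupUser([string]$Group) {
    Get-ADGroupMember -Identity $Group |
        Where-Object { $_.objectClass -eq 'user' } |
        ForEach-Object { Get-ADUser -Identity $_.DistinguishedName -Properties givenName, sn, userPrincipalName }
}

if (Get-Module -ListAvailable -Name ActiveDirectory) {
    Import-Module ActiveDirectory
    $users  = Get-GroupUser 'TRMS_Users'
    $admins = Get-GroupUser 'TRMS_Admins'
} else {
    # Constructed sample accounts, used when the AD module is unavailable.
    function New-Sample($Sam, $Given, $Sn) {
        [pscustomobject]@{ SamAccountName = $Sam; GivenName = $Given; SN = $Sn
            UserPrincipalName = "${Sam}@mydomain.com"
            DistinguishedName = "CN=$Sam,OU=Staff,DC=mydomain,DC=com" }
    }
    $users  = @((New-Sample 'bjohnson' 'Bob' 'Johnson'), (New-Sample 'kiosk1' '' ''))
    $admins = @($users[0], (New-Sample 'itadmin' 'Ida' 'Admin'))
}
Get-FrontDoorUserIssue -Users $users -Admins $admins | Format-Table -AutoSize
```

For the live query, run it on a domain-joined machine under an account that can query the domain controller.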

By default, users log into FrontDoor using their UserPrincipalName, such as “bob.johnson@mydomain.com”. If you would prefer, you can set FrontDoor to use the SAMAccountName. To enable this, add attributeMapUsername="sAMAccountName" to the ADMembershipProvider section of the membership.config file.

If your setup requires it, add the following two lines to the membership.config file in the ADMembershipProvider section:

minRequiredPasswordLength="8"

minRequiredNonAlphanumericCharacters="0"
