Authomate allows the integration of an existing external directory service for authenticating team members. Authomate supports LDAP/Active Directory and Azure Active Directory.


LDAP/ActiveDirectory


1) Go to Team Settings, select the External Directory Service tab, and select the 'LDAP/ActiveDirectory' option.


2) Fill in the fields to configure your directory service.

  • The parameters used for directory server queries include the login and password of the account that the Authomate server uses to bind to the directory server. Use a dedicated service account with only the rights the features you enable require: read access to the users and groups you intend to synchronize, plus password-reset rights only if you allow password changes through the Authomate server.
  • The trusted certificate is required to enable changing passwords through the Authomate server, and whenever the directory server's certificate is not signed by a CA that the Authomate server already trusts.
  • Click here for a description of LDAP parameter syntax.
  • Click here for more detailed information on the auto sync feature.

Below is a sample configuration. Before saving your entries you can test your configuration by clicking on the Test Settings button.


When you click the Test Settings button, Authomate runs your directory server query and displays a pop-up summary window. If the results are what you expect, click the Save button to save your settings.



Azure Active Directory


1) Before configuring Authomate to integrate with an Azure Directory Service you must first configure the following on the Azure server:

  • If you do not already have an existing Azure Active Directory:
    • Create a new Azure Active Directory
    • Create a Global Administrator for the new Azure AD
  • Create a new App Registration and name it (e.g Authomate Server)
    • Add API permissions via Microsoft Graph: Directory.Read.All (Application) and User.Read (Delegated), then click the "Grant admin consent for <AD Name>" button
    • Under the Authentication tab toggle to "Yes" to treat the application as a public client
    • Create a client secret under the Certificates & secrets tab
  • Make a note of the Directory (tenant) ID, the Application (client) ID and the client secret value, which you will need to configure the Azure AD External Directory Service in your Team Settings. The secret value is displayed only once, when it is created, so record it at that point.


2) Go to Team Settings, select the External Directory Service tab, and select the 'Azure AD' option.


3) Fill in the fields to configure your directory service.

  • The Groups field is used to query the set of users that are eligible to be synchronized to the Authomate server. Only users that are members of these groups – including members of groups that are members of these groups – will be shown on the Synchronize External Users page. If no groups are specified, then all users will be shown.
  • Click here for more detailed information on the auto sync feature.
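The membership rule for the Groups field above is transitive: a user qualifies if any chain of nested groups leads from a configured group to that user. The following added example (illustrative code, not Authomate's own implementation or a call against the Microsoft Graph API) models that rule over a constructed in-memory directory, including the two cases a practitioner should check: an empty Groups setting, which makes every user eligible, and nested groups that form a cycle, which a naive recursive walk would never finish. The group names and addresses are made up.

```python
from collections import deque

# Constructed sample directory (not real tenant data). A member that is itself a
# key of SAMPLE_GROUPS is a nested group; anything else is a user.
SAMPLE_USERS = {
    "alice@example.com", "bob@example.com", "carol@example.com",
    "dave@example.com", "erin@example.com",   # erin belongs to no group
}
SAMPLE_GROUPS = {
    "authomate-users": ["alice@example.com", "eng"],
    "eng": ["bob@example.com", "platform"],
    "platform": ["carol@example.com", "eng"],   # nested cycle back to eng
    "finance": ["dave@example.com"],
}


def eligible_users(configured_groups, groups=SAMPLE_GROUPS, users=SAMPLE_USERS):
    """Users that are direct or nested members of any configured group.

    An empty Groups setting means every directory user is eligible. Nested
    groups are walked breadth-first; the `seen` set stops the walk on cycles,
    and a configured group that does not exist simply contributes nothing.
    """
    if not configured_groups:
        return set(users)
    eligible, seen, queue = set(), set(), deque(configured_groups)
    while queue:
        group = queue.popleft()
        if group in seen:
            continue
        seen.add(group)
        for member in groups.get(group, []):
            if member in groups:          # nested group: expand it later
                queue.append(member)
            elif member in users:         # user: eligible for synchronization
                eligible.add(member)
    return eligible


if __name__ == "__main__":
    print(sorted(eligible_users(["authomate-users"])))
```

Running the script lists alice, bob and carol: bob and carol are reached through the nested eng and platform groups, dave is excluded because finance is not configured, and erin is excluded because she is in no group at all. Configuring no groups returns all five users.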


Below is a sample configuration. Before saving your entries you can test your configuration by clicking on the Test Settings button.


When you click the Test Settings button, Authomate runs your directory server query and displays a pop-up summary window. If the results are what you expect, click the Save button to save your settings.


Add Team Members from External Directory Service


To add team members from your directory server, go to Manage Users and select "Synchronize External Users" from the Menu. For more information on adding users from an external directory service click here.


External Directory Service Auto Sync Feature


When the Auto Sync Feature is enabled, the server will automatically update team members from the list of users queried from your Active Directory (AD) service. If the query is successful, the server will compare the list of existing team members and the list of users retrieved from AD and will attempt the following: 

  • New users in AD will be added to your team, provided you have not exceeded the number of users allowed by your license. New users will receive an email invitation to join the team and the event will be logged in your activity log.
  • Team members whose personal name or email was modified in AD will be updated and the event logged.
  • Team members that no longer exist in AD will be locked. The event is logged and the account's status field is updated to "Locked by AD sync" on the Manage Users screen. The team administrator can unlock the account, which allows the user to continue to use it, but it will lock again the next time the user is missing from AD.
  • If the user is missing from AD seven consecutive times, the user is deleted from the team. The event is logged and the user is sent an account deletion email. Unlocking the account resets the count of consecutive occurrences to zero, so the administrator can postpone the deletion indefinitely.
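The four rules above form a small account lifecycle, and the interaction between the lock, the unlock and the seven-miss counter is easy to misread. The following added example (illustrative code, not Authomate's own sync implementation) models one sync run over an in-memory team so the sequence can be traced. Assumptions not stated on the page: members are matched on a stable directory identifier rather than on name or email (otherwise renames could not be detected); the license limit counts locked members as well as active ones; and a user who reappears in AD breaks the consecutive-miss run but stays locked until an administrator unlocks the account. All names and addresses are constructed.

```python
from dataclasses import dataclass, field

LOCKED = "Locked by AD sync"
ACTIVE = "Active"
DELETE_AFTER_MISSES = 7   # consecutive syncs a user may be absent from AD before deletion


@dataclass
class Member:
    email: str
    name: str
    status: str = ACTIVE
    misses: int = 0          # consecutive syncs in which the user was absent from AD


@dataclass
class Team:
    license_limit: int
    members: dict = field(default_factory=dict)   # directory id -> Member (assumed stable key)
    log: list = field(default_factory=list)       # stands in for the activity log


def unlock(team, uid):
    """Team administrator unlocks an account: status restored, miss counter reset."""
    member = team.members[uid]
    member.status = ACTIVE
    member.misses = 0
    team.log.append(f"unlocked {member.email}")


def auto_sync(team, ad_users):
    """One successful sync run. ad_users: {directory id: (name, email)} from the query."""
    # 1. New users, subject to the license limit (assumed to count locked members too).
    for uid, (name, email) in ad_users.items():
        if uid in team.members:
            continue
        if len(team.members) >= team.license_limit:
            team.log.append(f"skipped {email}: license limit {team.license_limit} reached")
            continue
        team.members[uid] = Member(email=email, name=name)
        team.log.append(f"invited {email}")

    # 2. Existing members: update changed details, lock or delete missing ones.
    for uid, member in list(team.members.items()):
        if uid in ad_users:
            name, email = ad_users[uid]
            if (member.name, member.email) != (name, email):
                team.log.append(f"updated {member.email} -> {name} <{email}>")
                member.name, member.email = name, email
            member.misses = 0        # assumption: reappearing breaks the consecutive run
        else:
            member.misses += 1
            if member.misses >= DELETE_AFTER_MISSES:
                del team.members[uid]
                team.log.append(f"deleted {member.email}; deletion email sent")
            elif member.status != LOCKED:
                member.status = LOCKED
                team.log.append(f"locked {member.email}")
    return team


if __name__ == "__main__":
    team = Team(license_limit=10)
    directory = {"u1": ("Alice", "alice@example.com"), "u2": ("Bob", "bob@example.com")}
    auto_sync(team, directory)
    del directory["u2"]                 # Bob removed from AD
    for _ in range(3):
        auto_sync(team, directory)      # locked on the first miss, counter reaches 3
    unlock(team, "u2")                  # admin unlock resets the counter to 0
    for _ in range(7):
        auto_sync(team, directory)      # locked again, then deleted on the 7th miss
    print("\n".join(team.log))
```

Tracing the run in the script: Bob is locked on the first sync after his removal and the counter climbs to three; the unlock resets it, so the deletion then needs seven further consecutive misses, which is exactly the postponement the last bullet describes.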