Authomate allows the integration of an existing external directory service for authenticating team members. Authomate supports LDAP/Active Directory and Azure Active Directory.



LDAP/ActiveDirectory

1) To configure the external directory service, go to Team Settings, select the External Directory Service tab, and select the 'LDAP/ActiveDirectory' option.


2) The External Directory Service parameters form is presented.


3) You must configure the following:

  • The Primary URL (e.g. ldaps://xyzprimary.acme.com) of the directory server and an optional Secondary URL (e.g. ldaps://xyzsecondary.acme.com) for redundancy.
  • The parameters used for directory server queries: the login and password of the account designated for use by the Authomate server to interact with the Active Directory server, the user query criteria within the Active Directory server, and the Active Directory query root.
  • The mapping of team attributes to directory server fields.
  • The PEM format certificate you want to use to authenticate the LDAP/AD server. The server certificate is specifically required to enable changing passwords through the Authomate server and when the server’s certificate is not signed by a CA already trusted by the Authomate server.
  • The settings checkbox 'Verify account status on each credential use' is checked by default. When it is checked, the server verifies that the user's account in AD exists, is unlocked, and can receive shared credentials whenever you:

    • unlock the app
    • use the app to log into a website (via the extension on a PC), application or PC in online mode.


Below is a sample configuration which includes certificates. Click here for an example on how to form these parameters. Before saving your entries you can test your configuration by clicking on the Test Settings button.


4) Verify that the records retrieved are the results you expect.



5) Once complete, click the Save button. You are now ready to add users to the team from the external directory server.


6) To add users from the Directory Server, click on the Manage Users tab and select "Synchronize External Users" from the Menu as shown below. For more information on adding users from an external directory server click here.




Azure Active Directory

1) Before configuring Authomate to integrate with an Azure Directory Service, you must first configure the following in Azure:

  • Create a new Azure Active Directory
  • Create a Global Administrator for the new Azure AD
  • Create a new App Registration and name it (e.g. Authomate Server)
    • Create a new API Permission via Microsoft Graph: Directory.Read.All - Application and Microsoft Graph: User.Read - Delegated. Click on the "Grant admin consent for AD Name" button.
    • Under the Authentication tab, toggle to "Yes" to treat the application as a public client.
    • Create a Client Secret Key under the Certificates & secrets tab and copy the secret before you leave the page.


2) To configure the external directory service, go to Team Settings, select the External Directory Service tab, and select the 'Azure AD' option.


3) The AzureAD External Directory Service parameters form is presented. 


4) You must configure the following:

  • The Directory (tenant) ID is mandatory.
  • The Application (client) ID is mandatory.
  • The Client Secret Key is mandatory.
  • The Groups field is used to limit the set of users that are eligible to be synchronized to the Authomate server. Only users that are members of one of these groups – including members of groups that are members of these groups – will be included in the list of users shown when you open the synchronize external users page. If no groups are selected, then all users will be shown.
  • When the settings checkbox 'Verify account status on each credential use' is checked, the server verifies that the user's account in AD exists, is unlocked, and can receive shared credentials whenever you:
    • unlock the app
    • use the app to log into a website (via the extension on a PC), application or PC in online mode.
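
The Groups rule described above (direct members, members of nested groups, and all users when no groups are selected) can be modelled offline to see who ends up in synchronization scope. This is an added example, not Authomate's code; the directory contents, the `user:`/`group:` naming and the `eligible_users` and `via_nesting_only` helpers are constructed for illustration.

```python
from collections import deque

# Constructed sample directory: group -> direct members.
# A member is either a user ("user:...") or a nested group ("group:...").
DIRECTORY = {
    "group:Authomate-Users": ["user:alice", "group:Helpdesk"],
    "group:Helpdesk": ["user:bob", "group:Contractors"],
    "group:Contractors": ["user:carol", "group:Helpdesk"],  # nesting cycle
    "group:Finance": ["user:dave"],
}
ALL_USERS = {"user:alice", "user:bob", "user:carol", "user:dave", "user:erin"}


def eligible_users(selected_groups, directory=DIRECTORY, all_users=ALL_USERS):
    """Users eligible for synchronization under the Groups rule."""
    if not selected_groups:
        # No groups selected: every user is shown.
        return set(all_users)
    eligible, seen = set(), set()
    queue = deque(selected_groups)
    while queue:
        group = queue.popleft()
        if group in seen:
            continue  # already expanded; also stops cyclic nesting
        seen.add(group)
        for member in directory.get(group, []):
            if member.startswith("group:"):
                queue.append(member)  # group that is a member of a group
            else:
                eligible.add(member)
    return eligible


def via_nesting_only(selected_groups, directory=DIRECTORY):
    """Users in scope only through nested groups; worth reviewing."""
    if not selected_groups:
        return set()
    direct = {m for g in selected_groups for m in directory.get(g, [])
              if m.startswith("user:")}
    return eligible_users(selected_groups, directory) - direct


if __name__ == "__main__":
    print(sorted(eligible_users(["group:Authomate-Users"])))
    print(sorted(via_nesting_only(["group:Authomate-Users"])))
    print(sorted(eligible_users([])))
```

Users returned by `via_nesting_only` are the ones an administrator is most likely to overlook when choosing groups, because they do not appear as direct members of any selected group.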


Below is a sample configuration. Before saving your entries you can test your configuration by clicking on the Test Settings button.


5) Verify that the records retrieved are the results you expect.


6) Once complete, click the Save button. You are now ready to add users to the team from the external directory server.


7) To add users from the Directory Server (LDAP/Azure AD), click on the Manage Users tab and select "Synchronize External Users" from the Menu as shown below. For more information on adding users from an external directory server click here.