Active Directory

🔐 Active Directory (AD) Integration

The Windows Active Directory (AD) data connector integrates ONES with your enterprise directory service using LDAP, enabling centralized authentication and streamlined user identity management.

With this integration, users can log in using their existing AD credentials—eliminating the need to create and manage local accounts within ONES, while ensuring consistent and secure access control across the organization.

Deploy

  1. Navigate: Admin View >> Data Connectors >> Add Connectors

  2. Proceed with Active Directory Connector

  3. Add the inputs

    • Name - Logical name for the AD integration

    • Description - Description for identification

    • Host IP - Active Directory domain controller address

    • Host Port - LDAP port (default: 636 for secure, 389 for non-secure)

    • Base Directory Root - Base DN for directory searches

    • Username - LDAP bind user or service account

    • Password - Password for the bind account

    • Organizational Unit (OU) - Scope user searches to a specific OU

  4. Connect

    • Click Connect to validate credentials and establish the connection
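Before entering the values above, it helps to sanity-check them offline. The following is an added example, not part of ONES or its documentation: a small pre-flight check over the connector fields listed in step 3. The function names, dictionary keys and sample values are hypothetical, and it assumes the OU is entered as a full distinguished name.

```python
import re

def parse_dn(dn):
    """Split a DN into lower-cased (attribute, value) pairs.
    Simplified RFC 4514 handling: splits on commas not preceded by a backslash."""
    rdns = []
    for part in re.split(r"(?<!\\),", dn.strip()):
        attr, sep, value = part.partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"malformed DN component {part!r}")
        rdns.append((attr.strip().lower(), value.strip().lower()))
    return rdns

def account_name(username):
    """Extract the account part from DOMAIN\\user, user@domain, or a CN=... DN."""
    if "=" in username:
        return parse_dn(username)[0][1]
    return username.split("\\")[-1].split("@")[0].lower()

def check_connector_inputs(cfg):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    if cfg["host_port"] == 389:
        findings.append("port 389 is unencrypted LDAP: the bind password is exposed on the wire; use 636")
    elif cfg["host_port"] != 636:
        findings.append(f"port {cfg['host_port']} is not a default LDAP port (636/389)")
    try:
        base, ou = parse_dn(cfg["base_dn"]), parse_dn(cfg["ou"])
        if ou[0][0] != "ou":
            findings.append("Organizational Unit does not start with an OU= component")
        if len(ou) <= len(base) or ou[-len(base):] != base:
            findings.append("Organizational Unit is not located under the Base Directory Root")
    except ValueError as exc:
        findings.append(f"DN syntax error: {exc}")
    if account_name(cfg["username"]) in {"administrator", "admin"}:
        findings.append("bind user looks like an administrator; use a dedicated read-only service account")
    return findings

# Constructed sample values (not from a real directory).
GOOD = {"host_port": 636, "base_dn": "DC=corp,DC=example,DC=com",
        "ou": "OU=Staff,DC=corp,DC=example,DC=com", "username": "svc-ones-ldap@corp.example.com"}
BAD = {"host_port": 389, "base_dn": "DC=corp,DC=example,DC=com",
       "ou": "OU=Staff,DC=other,DC=example,DC=com", "username": "CORP\\Administrator"}

if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_connector_inputs(cfg) or "no findings")
```

The check only inspects the values; it does not contact the domain controller, so the Connect step remains the actual credential validation.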

🔑 Initial Login (First-Time Setup)

When accessing the ONES application for the first time, LDAP is not yet configured.

  • The default login uses the built-in super admin account

  • On first login, the super admin is required to change the default password as part of standard security practices

At this stage:

  • LDAP is not involved

  • Credentials are stored locally in the ONES database (ones-db)

  • This behavior remains unchanged even after LDAP integration is enabled later


👤 Creating Users After Super Admin Login

Once logged in, the super admin can create users and assign appropriate roles.

In General Settings under Preferences, there are two options for authentication:

a. Directory Authentication: Activate AD single sign-on

b. Local authentication (Default Authentication)


🔒 Permissions & Restrictions for LDAP Users

Users authenticated via AD have limited access:

  • Cannot create new users

  • Do not have access to user management pages (these sections are hidden in the UI)

Only the super admin has the ability to:

  • Create and manage users

  • Assign roles

  • Configure and control LDAP integration
