The AD Integration tab allows the Studio administrators to integrate their Studio Enterprise with their Active Directory domain controller.
Before getting started:
- Set up an Active Directory account to be used as the Security Principal
- Prepare an LDAP connection string
- Ensure that the server is joined to the domain specified in the LDAP string
- Have at least one Studio admin account ready to map to Active Directory
- It is also recommended that you have at least one admin account that will not map to Active Directory
- Ensure that the Security Principal Account is also on the same domain
- Ensure that all users in Active Directory have the first name, last name and email address fields populated. Email addresses must be unique.
- It is also recommended that you configure a secondary Administrator account that will not map to an Active Directory user
To configure the Active Directory integration settings:
- Log into the Studio Enterprise
- Select the AD Integration
- Configure the following settings, as needed:
- Authentication Mode: Choose from the following options:
- Mixed Mode Credentials: Both Studio and Active Directory credentials can be used to access Studio Enterprise.
- Active Directory Credentials Only: Only Active Directory credentials can be used to access Studio Enterprise.
- Note: Until at least one administrator account has been mapped to Active Directory, Mixed Mode Credentials must be used. Once a valid administrator account has been properly mapped, Active Directory Credentials Only can be selected.
- LDAP Connection String: Enter the desired LDAP connection string for your If you would like to use an OU restriction, add it here as part of your LDAP Connection String.
- If you wish to use AD groups, you will be able to select them on the next screen.
- There is a known issue with LDAP queries on large sets of users: the Active Directory server might not paginate the results correctly, resulting in a display problem, if more than 1,000 users are returned. See http://support.microsoft.com/kb/977180/en-us for more information.
- Domain Name: Enter the Active Directory
- Security Principal Name: Enter or change the Security Principal.
- The Security Principal account is what Studio Enterprise uses to access your Active Directory server. It is strongly recommended that this account be one with a password that does not expire. If necessary, go to your Active Directory system and create a Security Principal account for Studio Enterprise (for example, “StudioServer@<yourdomain>“) to use as the Security Principal.
- Security Principal Password: Enter the password for the Security Principal
- Click Save Connection Settings.
- To use Active Directory groups in addition to LDAP, select Use AD Groups and select the desired groups from the list below, then click Save Group Settings.
- When Active Directory groups are used, users must be in both the LDAP Connection String and at least one of the selected Active Directory groups in order to access the server.
- After enabling Active Directory integration, you might want to map existing users to Active Directory accounts. This enables existing users with Studio accounts to continue to access their existing Sessions and Projects once they switch to Active Directory credentials. There are two ways to do this:
- Mapping users automatically: Click Auto-Map Users to automatically map users to Active Directory accounts with matching email Once the mapping is complete, a report specifying which accounts were mapped is generated for your review.
- Mapping users manually: Click Manually Map Users to jump to the AD Manage Users tab (see See “AD Manage Users” in the Studio Enterprise Guide), where you can manually map users to Active Directory accounts. Users whose Studio domain accounts and Active Directory accounts match do not need to be mapped manually; they will be mapped automatically the first time they log in.
After Active Directory integration is enabled, any users whose accounts are mapped to Active Directory must use their AD credentials for logging into the Studio Portal (domain\user).