Configure Active Directory
When a user logs in, NetWitness first attempts to authenticate locally. If no local user is found, and Active Directory configuration is enabled, an attempt is made to authenticate with Active Directory Service. You can configure Active Directory settings to enable authentication of external groups in the (Admin) > Security view > Settings tab.
In an environment with multiple authentication servers, LDAP forwarding allows LDAP referral following for AD group lookups. LDAP forwarding can increase the time required to log on because AD group lookups are extended to connected authentication servers. When your AD instance attempts to contact domain controllers that are blocked by your firewall, users can experience a delay of several minutes in logging on to NetWitness. NetWitness has a configuration option that specifies whether LDAP forwarding occurs; by default, LDAP referrals are disabled. When disabled, your AD instance does not attempt to contact referred domain controllers.
Note: The Settings tab also provides the option to enable PAM configuration, which can be used simultaneously with Active Directory configurations. For information on enabling and configuring PAM authentication, see Configure PAM Login Capability.
Configure Active Directory Authentication
To configure Active Directory authentication:
- Go to (Admin) > Security.
The Security view is displayed with the Users tab open. - Click the Settings tab.
The Active Directory Configurations list is displayed in the panel so that you can add or edit a configuration. - Add, edit, or delete domains as necessary, as described in the following sections.
The domains added to this list are automatically populated in the External Group Mapping tab so that you can map security roles to each group.
Note: To configure security roles used for Active Directory access, see (Optional) Map User Roles to External Groups.
Note: After configuring an active directory with a domain in Admin > Security > Settings, once you authenticate successfully using the respective active directory credentials, you are tied to that specific active directory and the domain thus configured.
Add a New Active Directory Configuration
To add a new active directory configuration in the Active Directory Configurations list:
- Under Active Directory Configurations, click .
The Add New Configuration dialog is displayed. - Select the Enabled checkbox.
- Enter Domain, Host and Port information for the Active Directory Service.
IMPORTANT:
Starting from NetWitness Platform 12.4 or later, when using AD configuration with SSL, if the IP address of the AD does not match with the CN name, you must enter the CN name instead of the IP address in the Host field. Additionally, you must add the IP address and CN name to the /etc/hosts file on the admin server to ensure successful configuration.
- (Optional) To select SSL for this configuration, select the SSL checkbox. You must then enter the Active Directory server certificate file by clicking Browse and selecting the desired file to upload.
- In the Username Mapping field, select the Active Directory search field to use for username mapping. You can select userPrincipalName (UPN) or sAMAccountName.
- For sites that have multiple authentication servers, click Follow Referrals to enable or disable LDAP referral following for AD group lookups.
- In the Username and Password fields, enter the username and password for a bind user to access Active Directory. This is usually a service account that has permissions to query the domain and validate user accounts and group membership.
Note: If you selected sAMAccountName in the Username Mapping field, you must enter the username in the format "domain\user" to authenticate.
- Click Save.
The new configuration is listed in the Active Directory Configurations list.
Edit an Active Directory Configuration
To edit an active directory configuration in the Active Directory Configurations list:
- Under Active Directory Configurations, select the configuration you wish to edit and click .
The Edit Configuration dialog is displayed. - (Optional) Enter the Domain, Host and Port information for the Active Directory Service.
IMPORTANT:
Starting from NetWitness Platform 12.4 or later, when using AD configuration with SSL, if the IP address of the AD does not match with the CN name, you must enter the CN name instead of the IP address in the Host field. Additionally, you must add the IP address and CN name to the /etc/hosts file on the admin server to ensure successful configuration.
- (Optional) To select SSL for this configuration, select the SSL checkbox. You must then enter the Active Directory server certificate file by clicking Browse and selecting the desired file to upload.
- (Optional) In the Username Mapping field, select the the Active Directory search field to use for username mapping.
- To specify the Follow LDAP referrals behavior in environments with multiple authentication servers, select the Follow Referrals checkbox.
- If you want to disable LDAP forwarding, clear the box.
- If you want to enable LDAP forwarding, select the box.
- In the Username and Password fields, enter the username and password for a bind user to access Active Directory. This is usually a service account that has permissions to query the domain and validate user accounts and group membership.
- Click Save.
The configuration is listed in the Active Directory Configurations list.
Test an Active Directory Configuration
To test an Active Directory configuration:
- Select the configuration to be tested from the Active Directory Configurations list.
- In the toolbar, click .
A message that the test is successful is displayed. - If the test does not succeed, review and edit the configuration.
Delete an Active Directory Configuration
To delete an Active Directory configuration:
- Under Active Directory Configurations, select the configuration to be deleted from the Active Directory Configurations list.
- In the toolbar, click .
A message is displayed warning you that all users in the selected Active Directory configuration will not be able to log in to NetWitness if it is deleted. - Do one of the following:
- To confirm the deletion, click Yes.
- To cancel the deletion, click No.