Authentication settings

Authentication settings allows you to configure a Lightweight Directory Access Protocol (LDAP) connection to an organization’s Active Directory environment. This area is only available if you are an administrator.

To open the Authentication settings page, click your profile icon to open the Settings page, and then click Authentication settings.

The Authentication settings page provides you with the following information and functions:

  1. Edit view – Define the columns that are displayed. You can then show or hide the columns using the toggle switches.

  2. Filter – Filter the information that is displayed. You can turn on the required filters and enter or select the appropriate information for display. For example, you could turn on the Domain filter and enter the domain name.
  3. Save view – Save your current column settings. You can enter a name for your view to make it easily identifiable when loading views.

  4. Load view – Load a saved view. You can select the required view and click Apply.

  5. Add new – Add a new connection.
  6. Edit – Edit the selected connection details.
  7. Re-sync – Re-sync the users with Hub. You need to do this if new users are added to Active Directory.
  8. Status – This icon changes when you select a connection based on the status of the connection.  

  9. Delete – Delete the selected connection. You can only delete a retired connection.
  10. Rows per page – Enter a number, or use the up and down arrows, to change the number of rows seen on a page.

  11. Previous and Next – Click Previous or Next to move through the pages.

Add a new connection

If you add more than one LDAP connection to Hub and the connections contain the same users (such as name, email address, and domain), duplicate users will be created, which could lead to login issues. When synchronizing the users in the procedure described below, ensure that you only select the users that you require to prevent duplicate users from being imported.

  1. On the Authentication settings page, click Add new.

    The Create authentication connection page displays.

  2. Complete the Configuration fields:

    • Connection Name – A name that you want the connection to be known as.

    • Domain – The name of the domain you are connecting to, for example “bp”.

      Do not use the fully qualified domain name (FQDN) of your domain. You must use the short name format.

    • LDAP Server – The hostname of the LDAP server, for example blueprism-srv1.local.

    • Port Number – The port number that the LDAP server operates on. By default, this is port 389.

    • Base DN – The starting point within the Active Directory where the system begins to look for users, for example dc=blueprism, dc=local.

  3. Complete the Query Bind fields:

    • Time Out – The timeout period in seconds that the system will wait to get a response from the Active Directory server.
    • Query Bind Username – An Active Directory user that has access to the organization’s LDAP system.
    • Query Bind Password – The password for the Active Directory user.

  4. Complete the Attributes fields. The purpose of this section is to map the Active Directory attributes to the Hub fields. The text entered in these fields must match named attributes within the user profile in Active Directory. You can use the Active Directory Users and Computers (ADUC) tool to find the user attributes by selecting a user and then clicking the Attribute Editor tab to view the mapping of attributes to values.

    • Username – The Active Directory attribute name for the username, for example, ‘SAMAccountName’.
    • First Name – The Active Directory attribute name for the user's first name, for example, ‘givenname’.
    • Last Name – The Active Directory attribute name for the user's last name, for example, ‘sn’.
    • E-mail – The Active Directory attribute name for the user's email, for example, ‘mail’.
  5. To test that everything is set up correctly, enter the username in the Test Username field and click Lookup User. The text entered in the Test Username field must match the text format of the Active Directory Attribute. For example, if the username is set to:

    • ‘SAMAccountName’, then the test data is likely to be in the format domain\user.
    • ‘name’, then the test data is likely to be in the format user.

    The associated information will be retrieved and populated in the corresponding Attributes fields.

  6. Click Create authentication connection.

    A notification message displays confirming the connection is successful and you are prompted to import users.

  7. Click Yes to synchronize now. Alternatively, you can select No and synchronize later using the process in Synchronize Active Directory users.

    A message displays indicating the number of users found.

  8. Click Proceed.

    A list of users displays. These have not yet been imported to Hub as you need to configure the permissions and roles for the required users.

  9. Select a user to import and assign the appropriate Hub roles and/or any Interact responsibilities.

    If you configure a user to have a Hub Administrator role, they will have access to all the plugins and features of Hub, including the ability to create new Database and LDAP connections and other security features, so it is important to assign this role with care.

  10. Repeat for all required users.

  11. Click Save access and roles.

    Only the users that have had their roles and permissions defined are saved and the Users page displays with the new users shown.
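
The field rules in steps 2 to 5 can be checked before the values are typed into the Create authentication connection page. The following Python sketch is an added example, not part of Hub or of this documentation's own tooling; the dictionary layout, the function name check_connection and the sample user jsmith are assumptions, and the Base DN check is simplified (it does not handle escaped commas).

```python
import re

# One "attr=value" component of a distinguished name (simplified: no escaped commas).
RDN = re.compile(r"^[A-Za-z][A-Za-z0-9-]*=[^=,+]+$")
ATTRIBUTE_FIELDS = ("Username", "First Name", "Last Name", "E-mail")


def check_connection(cfg, test_username=""):
    """Return a list of problems in a planned connection, using the page's rules."""
    problems = []
    domain = cfg.get("Domain", "").strip()
    if not domain:
        problems.append("Domain is empty")
    elif "." in domain:
        problems.append("Domain must be the short name, not the FQDN")

    port = cfg.get("Port Number", 389)  # the page gives 389 as the default
    if not isinstance(port, int) or not 1 <= port <= 65535:
        problems.append("Port Number must be an integer from 1 to 65535")

    rdns = [part.strip() for part in cfg.get("Base DN", "").split(",")]
    if not all(RDN.match(part) for part in rdns):
        problems.append("Base DN is not a comma-separated list of attr=value pairs")

    attrs = cfg.get("Attributes", {})
    for field in ATTRIBUTE_FIELDS:
        if not attrs.get(field, "").strip():
            problems.append(f"Attribute mapping for {field} is empty")

    # Step 5: the test value should match the format of the Username attribute.
    user_attr = attrs.get("Username", "").lower()
    if test_username and user_attr == "samaccountname":
        prefix, sep, user = test_username.partition("\\")
        if not (prefix and sep and user):
            problems.append("Test Username is expected in the form domain\\user")
    elif test_username and user_attr == "name" and "\\" in test_username:
        problems.append("Test Username is expected as the bare user name")
    return problems


# Constructed sample, built from the example values given in the steps above.
SAMPLE = {
    "Connection Name": "Example AD", "Domain": "bp",
    "LDAP Server": "blueprism-srv1.local", "Port Number": 389,
    "Base DN": "dc=blueprism, dc=local",
    "Attributes": {"Username": "SAMAccountName", "First Name": "givenname",
                   "Last Name": "sn", "E-mail": "mail"},
}

if __name__ == "__main__":
    print(check_connection(SAMPLE, "bp\\jsmith"))
    print(check_connection({**SAMPLE, "Domain": "bp.local"}, "bp\\jsmith"))
```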

Edit a connection

  1. On the Authentication settings page, select the check box for the required connection.
  2. Click Edit.
  3. Edit the information as required. You cannot change the domain, LDAP server, port number or base DN.
  4. Click Save.

Synchronize Active Directory users

When additional users are added to Active Directory, those users must be synchronized with Hub.

  1. On the Authentication settings page, select the check box for the required connection.
  2. Click Re-Sync.

  3. Select the required user to add to the Hub user base, assigning the appropriate Hub roles and/or any Interact responsibilities.
  4. Repeat for all required users.
  5. Click Save access and roles.

    Only the users that have had their roles and permissions defined are saved and the Users page displays with the new users shown.
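
The duplicate-user warning under Add a new connection applies each time users are selected for import. The following Python sketch is an added example, not part of Hub; it compares user lists taken from two connections and reports the entries that appear in more than one. The record layout, the connection names and the matching keys (email address, or domain plus username, compared without regard to case) are assumptions, because this page does not state the exact rule Hub uses.

```python
from collections import defaultdict


def identity_keys(user):
    """Keys under which two directory entries are treated as the same person."""
    keys = []
    if user.get("mail"):
        keys.append(("mail", user["mail"].strip().lower()))
    if user.get("domain") and user.get("username"):
        keys.append(("account", f'{user["domain"]}\\{user["username"]}'.lower()))
    return keys


def find_duplicates(connections):
    """Map each shared key to the (connection, username) pairs that carry it."""
    seen = defaultdict(set)
    for conn_name, users in connections.items():
        for user in users:
            for key in identity_keys(user):
                seen[key].add((conn_name, user.get("username", "")))
    # Keep only keys that occur in at least two different connections.
    return {key: sorted(hits) for key, hits in seen.items()
            if len({conn for conn, _ in hits}) > 1}


# Constructed sample data: two LDAP connections with overlapping users.
CONNECTIONS = {
    "HQ": [
        {"username": "jsmith", "domain": "bp", "mail": "J.Smith@example.com"},
        {"username": "akhan", "domain": "bp", "mail": "a.khan@example.com"},
    ],
    "Regional": [
        {"username": "john.smith", "domain": "bp", "mail": "j.smith@example.com"},
        {"username": "akhan", "domain": "bp", "mail": "a.khan@example.com"},
        {"username": "mlee", "domain": "bp", "mail": "m.lee@example.com"},
    ],
}

if __name__ == "__main__":
    for key, hits in find_duplicates(CONNECTIONS).items():
        print(key, hits)
```

Entries reported here are the ones to leave unselected when synchronizing the second connection.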

Retire and reinstate a connection

Retiring a connection does not affect the status of the associated users – users can still log in and use the applications. All users associated with an LDAP connection can be retired by deleting the connection.

  1. On the Authentication settings page, select the check box for the required connection.

    If the connection is:

    • Live, the Status icon displays as Retire.
    • Retired, the Status icon displays as Make Live.
  2. To retire a connection:
    1. Click Retire.

      A message displays asking you to confirm.

    2. Click Yes.

      The connection is retired and Retire changes to Make Live.

  3. To make a retired connection live, click Make Live.

    The connection is instantly reinstated and Make Live changes to Retire.

    You can use the Live filter to filter the list for retired connections.

Delete a connection

You can only delete a retired connection.

  1. On the Authentication settings page, select the check box for the required connection.
  2. Click Delete.

    A message displays asking you to confirm.

  3. Click Yes.

    The connection is deleted and all users associated with it are retired.