Active Directory Authentication


What is Active Directory?

Active Directory (AD) is a database and a set of services that connects users to the network resources they require to complete their tasks. The database (or directory) contains critical information about your environment, such as the number of users and computers present, as well as who is authorised to do what. For example, the database could contain 100 user accounts with information such as each person's job title, phone number, and password. It will also keep track of their permissions. The services manage a large portion of the activity in your IT environment. They specifically ensure that each person is who they claim to be (authentication), usually by checking the user ID and password they enter, and limit their access to only the data they are authorised to use (authorization).

Advantages of using Active Directory (AD) Authentication

The three major benefits of Active Directory Domain Services are:

  • Centralized resources and security administration - Active Directory provides a centralised location for administrators to manage and secure network resources and security objects. Active Directory administration can be based on an organisational model, a business model, or the types of functions being administered.
  • Single point of access to global resources - Active Directory only needs to identify and authenticate the user once. After this process is completed, the user signs on once to access the network resources that he or she is authorised for, based on the roles and privileges assigned to him or her in Active Directory.
  • Simplified resource allocation - By allowing files and print resources to be published on the network, Active Directory simplifies resource allocation. Once an object has been published, users can securely access network resources by searching the Active Directory database for the desired resource.

Active Directory Authentication using miniOrange

miniOrange supports user authentication from external directories such as Active Directory, OpenLDAP, and OpenDS, among others. We have directory integration solutions that are simple and easy to use for both cloud and on-premise applications. This on-demand integration service enables user authentication, user provisioning, de-provisioning, and application usage reporting. The fact that miniOrange's directory integration is simple to set up is an important aspect of this service. miniOrange also supports thousands of applications and provides an SSO mechanism for users in the integrated directory.

Workflow

[Figure: Active Directory (AD) Authentication]

  • User sends the request to access the resource from an application.
  • The Application sends an authentication request to miniOrange.
  • miniOrange forwards the authentication request to Active Directory.
  • Active Directory sends the response to the application through miniOrange. This response contains the user’s information as well as the authentication status, based on which the user is given access to the resource.
  • Upon successful authentication, the user is given access to the resource.

To set up Active Directory Authentication, you can follow the steps here.


Authentication in Active Directory entails more than just the verification of a username and password. miniOrange AD authentication includes the following components:

Self-service password reset

Self-service password reset allows users to change or reset their passwords without the involvement of an administrator or help desk. If a user forgets his password, the miniOrange solution can be used to generate a new one for him. Self-service password reset works in the following scenarios:

  • Password change - when a user knows their password but wants to change it to something new.
  • Password reset - when a user can't sign in, such as when they forgot their password, and wants to reset their password. There are various ways available to reset a password:
    • Password reset via the link sent to the registered email address.
    • A link will be sent to the registered phone number to change the password.
    • The user has to perform some sort of authentication, like answering the already configured Security Questions, in order to change the password.
  • When a user uses self-service password reset to update or reset their password, that password is also written back to an Active Directory environment. Password writeback ensures that a user's updated credentials are immediately usable with on-premises devices and applications.
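
The reset-link scenario above depends on a token that is unguessable, short-lived and usable only once. The following is an added example, not miniOrange's code: `ResetTokenStore`, its in-memory table and the 15-minute lifetime are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL_SECONDS = 15 * 60  # assumed lifetime; the page does not specify one


class ResetTokenStore:
    """Hypothetical in-memory stand-in for a reset service's token table."""

    def __init__(self, now=time.time):
        self._now = now       # injectable clock so expiry can be tested
        self._pending = {}    # username -> (sha256 hex of token, expiry time)

    def issue(self, username: str) -> str:
        """Create the token that goes into the emailed or texted link."""
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        digest = hashlib.sha256(token.encode()).hexdigest()
        # Only the hash is stored, so a leaked table cannot be replayed.
        # Issuing again overwrites (invalidates) any earlier token.
        self._pending[username] = (digest, self._now() + TOKEN_TTL_SECONDS)
        return token

    def redeem(self, username: str, token: str) -> bool:
        """Return True exactly once for a valid, unexpired token."""
        entry = self._pending.get(username)
        if entry is None:
            return False
        digest, expires_at = entry
        presented = hashlib.sha256(token.encode()).hexdigest()
        if not hmac.compare_digest(digest, presented):  # constant-time compare
            return False
        # Single use: a matching token is consumed even if it has expired.
        del self._pending[username]
        return self._now() <= expires_at
```

Only after `redeem` returns True should the new password be accepted and written back to the directory.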

AD Multi-Factor Authentication

MFA (Multi-Factor Authentication) is a type of authentication in which a user must provide additional factors in order to gain access to specific resources. In this context, resources refer to a website, an application, a network, or a VPN.

Rather than simply asking for a username and password, MFA (Multi-Factor Authentication) adds additional verification factors (OTP, push notifications, fingerprint, etc.) that indirectly halt cyber attackers' activities such as phishing, malware, and so on, providing a high level of assurance and security. Simply put, you must convince the system or online service of your identity multiple times before the system can determine whether you have the rights to obtain the data services that you are attempting to retrieve.

[Figure: Active Directory (AD) Authentication]

The goal of using MFA is to create a layered defence so that even if one factor (username-password) is stolen, a targeted cyber attacker has at least one more barrier to overcome before successfully breaking into the actual targeted device.

Passwordless authentication

Users can log in without having to remember a password using passwordless connections. To log in to the application, users simply enter their username and pass the 2-factor authentication by entering an OTP or receiving push notifications. This provides people with a simple and convenient way to sign in and access data from anywhere.

Passwords are also a major vulnerability because users reuse passwords and can share them with others. An attacker cannot easily replicate 2-factor authentication methods. miniOrange provides ways to natively authenticate using passwordless methods to simplify the sign-in experience for users and reduce the risk of attacks.
