Enabling Active Directory Security Mode

GENESIS Security can synchronize its user accounts with Active Directory, so users can log into GENESIS with their Active Directory username and password. Permissions for users and groups are defined in the GENESIS Security database.

To synchronize security with Active Directory:

  1. (Optional) Set the security to testing mode to help keep you from getting locked out if something is configured incorrectly later.

  2. Open Workbench and in Project Explorer, expand your project > Security > Global Settings . On the General Settings tab, set Security Mode to Active Directory . Additional settings for the Active Directory mode are displayed.

  3. Complete the Active Directory Settings section according to your domain settings.

    • In Initial administrator account, enter the Service Principal Name of the account that will be granted full permissions in the following form:

      user@example.com

    • In AD synchronization period, specify how often Security checks the Azure AD for changes. If any changes are detected, Security re-downloads all users and group information from Azure AD into memory.

      To download the Azure AD structure immediately, click Synchronize now.

    • In User authentication methods, select one of the following options:

      • Active Directory : Authenticates users by calling the Active Directory.

      • Active Directory (User-Principal-Name being translated to SAM-Account-Name) : When users are mapped from User-Principal-Name, Security tries to translate them into SAM-Account-Names by querying the Active Directory.

      • Active Directory (SAM-Account-Name being translated to User-Principal-Name) : When users are mapped from SAM-Account-Name, Security tries to translate them into User-Principal-Names by querying the Active Directory.

      • Local Logon: Calls the LogonUser function locally on the server, which allows the user to log in later, even when the Active Directory is not available.

  4. (Optional) Enable automatic login and Windows integrated authentication.

  5. (Optional) To restrict login access to users in a specific group, go to the Only Users from a Specific Group section, select Enabled, and enter the Group Name.

  6. In the Domain Connection Authentication section, enter the User Name and Password for the account used to authenticate access to the Active Directory.

  7. Click Apply , and then try to log in as an Active Directory user.

  8. If all tests succeeded, set the security back to active mode.