Active Directory (On-Premises)
This guide will teach you how to set up the connection for On-Premises Microsoft Active Directory and Clarity Security.
Estimated time to complete: 10 minutes
If you run into any problems, please contact your support team or email@example.com.
Before You Begin
To connect your on-prem Active Directory and Clarity Security, you'll need the following prerequisites:
- Admin access within your Active Directory
  - Note: If you do not have admin access, reach out to your Active Directory admin for provisioning.
- You must have Clarity Connect configured for your tenant for any on-prem applications to communicate with Clarity.
  - See Configuring On-Premises Clarity Connect to get this set up.
- Admin access within your Clarity Security tenant
  - Note: If you are a full admin in Clarity Security and get a permission error when trying to add a new application, reach out to firstname.lastname@example.org.
How to Set Up the Connector
You will need an account (typically a service account) to facilitate the connection between Clarity and your on-prem Active Directory (by way of Clarity Connect). If you have this already, skip to Step 4.
Step 1: Create an Account
Create an account using the following steps (or contact your IT department to create one).
Step 2: Configure the Account
Fill out the account details according to your organization's standards. You will need the distinguishedName and password for configuration in Clarity (distinguishedName shown below).
Step 3: Delegate Control
You will need to delegate control for the newly created service account. The following permissions are required for all features to work:
- Create, delete, and manage user accounts
- Read all user information
- Modify the membership of a group
Step 4: Retrieve the Distinguished Name
For the newly created service account, you will need to retrieve the Distinguished Name for use during configuration.
Step 5: Log in to Clarity
Log in to your Clarity tenant using an account with Admin permissions.
Step 6: Click on Applications > Marketplace
Step 7: Find MS Active Directory > Connect
Scroll or search to find MS Active Directory and click
Step 8: Connect App
Complete the App Settings form. Details for fields common to all applications can be found in the following article: Common App Configuration Steps
MS AD Connection Fields:
- ad_host: This can either be the IP address or Fully Qualified Domain Name for your Active Directory server.
- username: This is the distinguished name for the service account you created in Step 4.
  - Example: CN=Clarity Service,CN=Users,DC=claritysecuritydemo,DC=io
- password: This is the password for the service account you created earlier in Step 2.
- base_dn: This is the distinguished name for where you want Clarity to search for Users, Groups, etc. inside your Active Directory.
  - "DC=claritysecuritydemo,DC=io" would allow searching an entire domain for accounts, but "OU=UsersOU,DC=claritysecuritydemo,DC=io" would only allow Clarity to search inside "UsersOU" and anything nested within it.
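The effect of a candidate base_dn can be previewed against a list of object DNs before the connection is saved, which helps keep the search scope as narrow as the deployment needs. The Python below is an added example, not Clarity's code or part of the original guide; the function names and sample DNs are constructed for illustration, and it treats base_dn as the root of a subtree search, as described above.

```python
"""Preview which directory objects a candidate base_dn would put in scope."""

def split_rdns(dn):
    """Split a DN on unescaped commas (RFC 4514) and normalise each RDN."""
    parts, cur, i = [], "", 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur += dn[i:i + 2]          # keep the escape pair, e.g. "\,"
            i += 2
        elif dn[i] == ",":
            parts.append(cur)
            cur = ""
            i += 1
        else:
            cur += dn[i]
            i += 1
    parts.append(cur)
    rdns = []
    for part in parts:
        attr, _, value = part.partition("=")
        # AD compares DNs case-insensitively; ignore padding around each RDN.
        rdns.append((attr.strip().lower(), value.strip().casefold()))
    return rdns

def in_scope(object_dn, base_dn):
    """True if object_dn is base_dn itself or nested anywhere beneath it."""
    obj, base = split_rdns(object_dn), split_rdns(base_dn)
    return len(obj) >= len(base) and obj[-len(base):] == base

def is_domain_root(base_dn):
    """True if base_dn has only DC components (whole-domain search)."""
    return all(attr == "dc" for attr, _ in split_rdns(base_dn))

def preview(base_dn, object_dns):
    """Return the object DNs that a search rooted at base_dn would cover."""
    return [dn for dn in object_dns if in_scope(dn, base_dn)]

# Constructed sample objects, using the domain from the guide's example.
SAMPLE = [
    "CN=Clarity Service,CN=Users,DC=claritysecuritydemo,DC=io",
    "CN=Jane Doe,OU=Staff,OU=UsersOU,DC=claritysecuritydemo,DC=io",
    "cn=John Roe, ou=usersou, dc=ClaritySecurityDemo, dc=io",
    "CN=Smith\\,OU=UsersOU,DC=claritysecuritydemo,DC=io",  # escaped comma in CN
]
```

With the OU-level base_dn only the two accounts under UsersOU are returned, while the domain-root base_dn also covers the service account itself. The last sample shows why the comparison is done on parsed components rather than with a string suffix match.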
Step 9: App Settings
Complete the App Settings form. Details for each field can be found in the following article: Common App Configuration Steps
Step 10: User Settings
Complete the User Settings form, and check the table at the top to see if any features are unsupported. Details for each field can be found in the following article: Common App Configuration Steps
Step 11: Validate Your Selections and Save
If you have any problems, contact your customer success team. You can also get in touch with our general support via email or by opening a support ticket. Our general support team is available Monday - Friday from 8:00 AM - 6:30 PM CST.