Configure Active Directory as Primary Authentication

By setting up Active Directory as the primary authentication service for Bitium, you extend your existing directory identity to all your cloud apps. Employees log in to Bitium with their Active Directory username and password, and Bitium checks those credentials against your directory in real time, so there is no second password for them to manage or for you to reset.

Active Directory Integration is available to Business Plus and Unlimited plan users. To learn more, please visit our Plans page or contact support@bitium.com.

Setup Process:

Setting up an Active Directory connector with Bitium is simple. While logged in to Bitium as an admin for your org:

  1. Open the “Manage [ORG]” menu and select “Security.”
  2. On the Security Settings screen, select “Primary Authentication.”
  3. On the Primary Authentication screen, click the “Add New Form of Authentication” button. On the “New Primary Authentication” screen, select “Active Directory” from the drop-down menu.
  4. Supply the required details of your Active Directory server (host name and, if needed, port) and the credentials of an AD account that has permission to browse users and groups. A dedicated read-only account is sufficient; see the Notes below.
  5. Click “Save.” Bitium tests the supplied details and, once the connection is confirmed, your users can log in to Bitium with their AD credentials.

Recommendations:

Bitium queries your AD server directly, in real time, for each login. All access is made over LDAPS (LDAP over SSL/TLS) and originates from a single IP address (listed under Technical Information below), which lets you write a firewall rule that admits only that address on that port and nothing else. We also encourage you to set up a read-only domain controller (RODC) in a DMZ network and point Bitium at it, so that no writable domain controller is ever reachable from the Internet.

You can also run the rollout in stages: use Bitium’s own authentication first, configure access permissions, and then switch primary authentication to Active Directory afterwards. As long as each user’s email address in Bitium matches the one in Active Directory, the changeover is seamless. The advantage of this approach is that user onboarding and the technical configuration can proceed in parallel.

Technical Information:

Originating IP Address: 34.196.47.96 (gw02.bitium.com)

Recommended port and protocol: LDAPS on TCP port 636 (see http://technet.microsoft.com/en-us/library/dd772723(v=ws.10).aspx). Plain LDAP on port 389 would carry the connector account’s password, and every user’s password at login, across the Internet unencrypted, so only the LDAPS endpoint should be reachable from Bitium’s address.
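The firewall scoping and the LDAPS check recommended above, as an added PowerShell example (not Bitium’s own tooling). It is meant to run as an administrator on the domain controller or RODC that Bitium will reach (Windows Server 2012 or later, NetSecurity module). The rule name and the host name rodc01.corp.example.com are assumptions; the IP address and port are the ones stated in this section.

```powershell
# Added example, not Bitium's own tooling. Run as an administrator on the
# domain controller or RODC that Bitium will reach (Windows Server 2012 or
# later, NetSecurity module). The rule name and the host name are assumptions.
$BitiumIp  = '34.196.47.96'                      # gw02.bitium.com, from Technical Information above
$LdapsPort = 636
$RuleName  = 'Bitium LDAPS inbound (scoped)'     # assumed name

# 1. Allow TCP/636 only from the Bitium gateway. Inbound traffic is
#    default-deny, so no explicit block rule is needed; the real risk is an
#    older, broader rule that already opens 636 (or 389) to any address.
if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Action Allow `
        -Protocol TCP -LocalPort $LdapsPort -RemoteAddress $BitiumIp -Profile Any | Out-Null
}

# 2. Warn about any other enabled inbound rule that exposes 636 or 389 to 'Any'.
foreach ($port in 636, 389) {
    Get-NetFirewallPortFilter | Where-Object { $_.Protocol -eq 'TCP' -and $_.LocalPort -eq "$port" } |
        Get-NetFirewallRule |
        Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.DisplayName -ne $RuleName } |
        ForEach-Object {
            $remote = ($_ | Get-NetFirewallAddressFilter).RemoteAddress
            if ($remote -contains 'Any') {
                Write-Warning "Rule '$($_.DisplayName)' opens TCP/$port to any address; scope or disable it"
            }
        }
}

# 3. Confirm LDAPS answers and presents a certificate that chains to a trusted
#    CA and matches the name you will enter in Bitium. AuthenticateAsClient
#    throws on either failure, which is exactly what a TLS client should do.
function Test-LdapsCertificate {
    param([Parameter(Mandatory)][string]$HostName, [int]$Port = 636)
    $tcp = New-Object System.Net.Sockets.TcpClient($HostName, $Port)
    try {
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false)
        $ssl.AuthenticateAsClient($HostName)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        [pscustomobject]@{
            Host     = $HostName
            Subject  = $cert.Subject
            Issuer   = $cert.Issuer
            NotAfter = $cert.NotAfter
            Protocol = $ssl.SslProtocol
        }
    } finally {
        $tcp.Close()
    }
}

Test-LdapsCertificate -HostName 'rodc01.corp.example.com'   # assumed; use the exact name you give Bitium
```

Run step 3 with the same host name you type into the Bitium Server field: a certificate issued to a different name, or one from an untrusted internal CA, fails here for the same reason it would fail for Bitium’s connector, and is better found before the Save step.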

Notes:

Bitium also supports non-standard ports; use server.domain:port notation in the Server field to specify one.

Important – The account used for the Active Directory connector must have permission to browse the list of users and groups, and should have no more than that. An ordinary domain user account with a strong, unique password is enough for read access; never use a Domain Admin or other privileged account, because the connector holds those credentials and any compromise of the integration would inherit the account’s rights.
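Creating that read-only account and proving it can browse users and groups over LDAPS before its password is entered into Bitium, as an added PowerShell example (not Bitium’s own tooling). It requires the ActiveDirectory module and the System.DirectoryServices.Protocols assembly; the account name svc-bitium-ldap, the OU, the domain corp.example.com and the host name are all assumptions.

```powershell
# Added example, not Bitium's own tooling. Creates a dedicated unprivileged
# account for the connector and proves it can read users and groups over
# LDAPS. Account name, OU, domain and host name are assumptions.
Import-Module ActiveDirectory
Add-Type -AssemblyName System.DirectoryServices.Protocols

$AccountName = 'svc-bitium-ldap'                                 # assumed
$AccountOu   = 'OU=Service Accounts,DC=corp,DC=example,DC=com'   # assumed
$BaseDn      = 'DC=corp,DC=example,DC=com'                       # assumed
$DcHost      = 'rodc01.corp.example.com'                         # assumed
$Cred        = Get-Credential -UserName "$AccountName@corp.example.com" -Message 'Connector account password'

# 1. A plain domain user. Default "Domain Users" membership already grants
#    read access to user and group objects; nothing more is needed.
if (-not (Get-ADUser -Filter "SamAccountName -eq '$AccountName'")) {
    New-ADUser -Name $AccountName -SamAccountName $AccountName -Path $AccountOu `
        -UserPrincipalName $Cred.UserName -Description 'Bitium LDAPS connector (read-only)' `
        -AccountPassword $Cred.Password -Enabled $true -ChangePasswordAtLogon $false
}

# 2. Refuse to continue if the account is in a privileged group, directly
#    or through nesting.
$privileged = 'Domain Admins', 'Enterprise Admins', 'Schema Admins', 'Administrators', 'Account Operators'
foreach ($g in $privileged) {
    $members = Get-ADGroupMember -Identity $g -Recursive -ErrorAction SilentlyContinue
    if ($members.SamAccountName -contains $AccountName) {
        throw "$AccountName is a member of '$g'; the connector account must not be privileged"
    }
}

# 3. Bind over LDAPS with the new credentials and count users and groups with
#    paged searches, so the check also works in directories larger than the
#    server's default 1000-entry result limit.
function Test-LdapsBrowse {
    param(
        [Parameter(Mandatory)][string]$Server,
        [Parameter(Mandatory)][string]$BaseDn,
        [Parameter(Mandatory)][pscredential]$Credential,
        [int]$Port = 636
    )
    $id   = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier($Server, $Port)
    $conn = New-Object System.DirectoryServices.Protocols.LdapConnection($id, $Credential.GetNetworkCredential(), 'Basic')
    $conn.SessionOptions.SecureSocketLayer = $true    # LDAPS: TLS from the first byte, no StartTLS
    $conn.SessionOptions.ProtocolVersion   = 3
    $conn.Bind()                                      # throws on bad credentials or TLS failure

    $counts = [ordered]@{}
    $filters = @{ Users = '(&(objectCategory=person)(objectClass=user))'; Groups = '(objectCategory=group)' }
    foreach ($kind in $filters.GetEnumerator()) {
        $req  = New-Object System.DirectoryServices.Protocols.SearchRequest($BaseDn, $kind.Value, 'Subtree', [string[]]'sAMAccountName')
        $page = New-Object System.DirectoryServices.Protocols.PageResultRequestControl(500)
        [void]$req.Controls.Add($page)
        $n = 0
        do {
            $resp = $conn.SendRequest($req)
            $n += $resp.Entries.Count
            $page.Cookie = ($resp.Controls | Where-Object { $_ -is [System.DirectoryServices.Protocols.PageResultResponseControl] }).Cookie
        } while ($page.Cookie -and $page.Cookie.Length -gt 0)
        $counts[$kind.Key] = $n
    }
    $conn.Dispose()
    [pscustomobject]$counts
}

Test-LdapsBrowse -Server $DcHost -BaseDn $BaseDn -Credential $Cred
```

A non-zero user and group count from step 3 is the same evidence Bitium’s Save step will look for; a bind error here means the password or UPN is wrong, and a TLS error means the LDAPS certificate on the target host is not trusted or does not match the name.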