Active Directory
The Spider has Windows Active Directory (AD) integration available.
Preparation
A set of groups need to be added to the AD. The roles are also listed in the UserRoles. The naming of the AD groups is up to you. Access will be granted after a user logs in and the validation with the AD group is successfull. According to the AD group the user is added to, the according Spider rol will be addressed to that user.
An example of the setup you could use;
| Spider Userrole | Windows AD Group | Spider AD Setting |
|---|---|---|
| IWM_ADMIN | PRD_SP_ADM | PRD_SP_ADM |
| IWM_OPERATOR | PRD_SP_OPE | PRD_SP_OPE |
| IWM_DISPLAY | PRD_SP_DIS | PRD_SP_DIS |
| IWM_HISTORY | PRD_SP_HIS | PRD_SP_HIS |
| IWM_VIEW | PRD_SP_VIE | PRD_SP_VIE |
Activate AD Integration
You have to login with the default Admin account to be able to activate the Active Directory integration. Nidaros can provide the default admin credentials.
There are two steps needed to activate the connection:
- Adjustment webconfig
- Adjustment Spider Active Directory Settings
Change WebConfig
The config can be found on the IIS server in the Spider IIS site at: inetpub\wwwroot\<IWM_SITE>\dashbord\Web.config
Adjust these lines:
<add key="UseActiveDirectory" value="true" />
<add key="ADHostName" value="" />
Set UseActiveDirectory to True to activate the usage of the AD integration
Tip
The hostname is only needed when the IIS server is not added to the AD domain or if there are multiple AD domains on the same network.
Spider Adjustments
Login with the default admin account and navigate to Settings > Active Directory and add the AD groups you have set in your AD.
Hit Save to enable the configuration. A restart of the IIS site is not needed. The Spider will now check if the user is connected to an AD group that is listed in the configuration.
Open a new browser (incognito) session and login with an AD user that is assigned to one of the groups you have set in the configuration.
- If the login is successfull you can close your first session. The AD integration is successfull.
- If the login does not work check all the settings above again.