Add or edit a directory

Add or edit an LDAP, AD or AD LDS directory

For directory server certificate validation, see Upload a ROOT CA certificate with the full bundle for directory server certificate validation.

To configure Host and Host Aliases fields, see Directory server certificate validation rules and use cases.

  1. Log in to Enterprise Center.

  2. In the Enterprise Center navigation menu, select Application Access > Identity & Users > Directories.

  3. To add a new directory, click Add New Directory (+).

  4. Enter a name and description, and select the Service Type. For more information about supported directory services, see Directories.

  5. Click Add New Directory.
    The configuration page appears.

Next, edit the directory.

  1. To edit an existing directory, select your directory to open it.

  2. Review the Directory name and Service Type fields for accuracy. These fields cannot be modified. If these fields contain incorrect or incomplete information, you need to add a new directory.

  3. Select and configure one of the following:

    a. Use SSL protocol with directory certificate validation (recommended).

    • Host with ldaps (default). Enter the fully qualified domain name (FQDN) or IP address of your native directory. By default, the port is 636 as per the standard. See Directory server certificate validation rules and use cases.

    • Verify Origin Server Certificate (on by default). Verifies the authenticity of the directory server using the certificate it presents. Also provide these two fields:

    • Host Aliases (optional). If you are using multiple domain controllers, or if you entered an IP address in the Host field, provide the Subject Alternative Name (SAN) or Common Name (CN) from your server certificate. The value in Host (or one of the Host Aliases) must match a name in the certificate for validation to succeed. For more information, see Directory server certificate validation rules and use cases.

    • ROOT CA Certificate (mandatory). Select the certificate issued by the certificate authority (CA), with the full bundle, that you uploaded into EAA. For more information, see Upload a ROOT CA certificate for origin server validation.

    b. Use SSL protocol without directory certificate validation. The connection is encrypted, but the origin directory server is not authenticated because Verify Origin Server Certificate is disabled, so a host that can intercept the connection could impersonate the directory.
    Host with ldaps. Enter the fully qualified domain name (FQDN) or IP address of your native directory. By default, the port is 636 as per the standard.

    c. Use neither SSL protocol nor directory certificate validation. The admin bind credentials and user passwords travel in cleartext over plain LDAP, so use this only on a network you fully trust.
    Host with ldap. Enter the fully qualified domain name (FQDN) or IP address of your native directory. By default, the port is 389 as per the standard.

    Note: If firewalls are used, allow the LDAP or LDAPS port so that Enterprise Application Access connectors can reach the directory FQDN and port for authentication and password change/reset operations.

  4. In General settings complete the configuration:

    1. Fill in one of the following:

      • AD domain. Enter the domain where your directory is located.

      • LDAP domain. Enter the LDAP domain where your directory is located.

    2. Admin Account. Enter the account that EAA uses to bind to this directory. Read-only access is sufficient; prefer a dedicated service account with the least privilege needed over a domain administrator account, since EAA holds its credentials. For example, use the format NetBiosDOMAIN\administrator. For a Microsoft Windows AD integration, enter the Distinguished Name from Microsoft Windows AD.

    3. Admin Password. Enter the password for the Admin account.

    4. Login Preference. Select the identifier for the user's principal in the directory. This is the value the user enters when accessing an application through the Enterprise Application Access Login Portal. For an AD directory type, choose one of these: email, SAM account name, user principal name (UPN), or Domain/SAM account name. For an LDAP directory type, choose one of these: email or UID. For an AD LDS directory type, choose one of these: email, UID, or user principal name.

  5. Click Add Connector.
    The list of connectors appears.

  6. Select the connectors to associate with the directory. Your connector should run in Ready status.

  7. Click Add connector.

  8. For the first setup, click Save and Test.
    A new window opens and a test is run to check whether the connector can communicate with the directory server. If connectivity succeeds, the Test Status returns Success. If the connector is unreachable, or if you associated multiple connectors and even one of them is unreachable, the Test Status returns Failure. To resolve this, see Troubleshoot an unreachable connector, then click Retest. After connectivity succeeds, you can add users and groups, overlay groups, or organization units (OU).

  9. Click Save.
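Before choosing option a (SSL with directory certificate validation) in step 3 and before Save and Test in step 8, it helps to confirm offline that the directory server's certificate chains to the ROOT CA bundle you uploaded and that the value you will put in Host (or a Host Alias) actually appears in the certificate's SAN or CN. The shell script below is an added example, not Akamai's or EAA's own code. It assumes only that the openssl CLI is installed. The root CA and domain-controller certificate it creates are constructed in a temp directory so the script runs without network access; point the functions at your real certificate and bundle to use it. The host names and the probe_ldaps function (the live variant for a real host on port 636, not invoked here) are illustrative assumptions.

```shell
#!/bin/sh
# Added example (not Akamai's code). Assumes the openssl CLI is installed.
# The root CA and domain-controller certificate are CONSTRUCTED here so the
# script runs offline; replace them with your real files to use it.
set -e
WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT

# Build the constructed PKI: a private root CA (what you would upload to EAA as
# the ROOT CA bundle) and a DC certificate with two DNS SANs and no IP SAN.
make_test_pki() {
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' \
    > "$WORK/ca_ext.cnf"
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=Example Root CA" \
    -keyout "$WORK/ca.key" -out "$WORK/ca.csr" >/dev/null 2>&1
  openssl x509 -req -in "$WORK/ca.csr" -signkey "$WORK/ca.key" -days 1 \
    -extfile "$WORK/ca_ext.cnf" -out "$WORK/ca.pem" >/dev/null 2>&1
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=dc1.corp.example.com" \
    -keyout "$WORK/dc.key" -out "$WORK/dc.csr" >/dev/null 2>&1
  printf 'subjectAltName=DNS:dc1.corp.example.com,DNS:dc2.corp.example.com\n' \
    > "$WORK/san.cnf"
  openssl x509 -req -in "$WORK/dc.csr" -CA "$WORK/ca.pem" -CAkey "$WORK/ca.key" \
    -CAcreateserial -days 1 -extfile "$WORK/san.cnf" -out "$WORK/dc.pem" >/dev/null 2>&1
}

# Does the server certificate chain to the ROOT CA bundle? This is the check
# that "Verify Origin Server Certificate" enforces on every connection.
verify_chain() {  # $1 = CA bundle (PEM), $2 = server certificate (PEM)
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Names the certificate can be validated against: SAN DNS/IP entries plus the
# subject CN. Any of these is a usable Host or Host Aliases value.
cert_names() {  # $1 = server certificate (PEM)
  {
    openssl x509 -in "$1" -noout -text | grep -A1 'Subject Alternative Name' \
      | tr ',' '\n' \
      | sed -n -e 's/^ *DNS:\(.*\)$/\1/p' -e 's/^ *IP Address:\(.*\)$/\1/p'
    openssl x509 -in "$1" -noout -subject | sed -n 's|.*CN *= *\([^,/]*\).*|\1|p'
  } | sort -u
}

# Would this Host value pass validation as-is? If not, add one of cert_names
# as a Host Alias (the usual case when Host is an IP address).
host_matches_cert() {  # $1 = server certificate (PEM), $2 = Host value
  cert_names "$1" | grep -qxF "$2"
}

# Live variant (not run here): TLS handshake to the real LDAPS port using the
# bundle, printing the verification result and the subject the server presented.
probe_ldaps() {  # $1 = FQDN or IP, $2 = CA bundle, $3 = port (default 636)
  openssl s_client -connect "$1:${3:-636}" -servername "$1" -CAfile "$2" \
    </dev/null 2>/dev/null | grep -E 'Verify return code|^subject='
}

make_test_pki
verify_chain "$WORK/ca.pem" "$WORK/dc.pem" && echo "chain OK against ROOT CA bundle"
echo "Values accepted for Host / Host Aliases:"; cert_names "$WORK/dc.pem"
for h in dc1.corp.example.com 10.0.0.5; do
  if host_matches_cert "$WORK/dc.pem" "$h"; then
    echo "Host=$h: validates without aliases"
  else
    echo "Host=$h: not in certificate; add a SAN/CN from the list above as a Host Alias"
  fi
done
```

With the constructed certificate, Host=dc1.corp.example.com validates directly, while Host=10.0.0.5 does not because the certificate carries no IP SAN; that is exactly the case in which the page tells you to fill in Host Aliases with the SAN or CN. Against a real directory, run probe_ldaps with the same bundle you uploaded to EAA; a non-zero "Verify return code" there means Save and Test will also fail when Verify Origin Server Certificate is on.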

Add users and invite them to the cloud directory

Add and invite, or invite again, users to the EAA service.

Add users to Enterprise Application Access by inviting them to the Cloud Directory. They receive an email with a link to activate their account. If a user is unable to activate their account, the email link may have expired. You cannot check if the link has expired. If you suspect the link has expired, invite the user again.

  1. Log in to Enterprise Center.

  2. In the Enterprise Center navigation menu, select Application Access > Identity & Users > Directories.

  3. Click Cloud Directory.
    The Users page opens.

  4. Click Add New User (+).

  5. Enter email, first name, and last name.

  6. Click Send Invite.
    New users receive an email to create a password and complete their account authorization.

  7. Click Save User Changes (✓).
    You can create more groups and add users to various groups for role-based authorization.

  8. If the user is unable to activate the account due to an expired email link, you can select Re-invite User from the menu next to the user.
    The user receives an email with an active link to join the cloud directory.

  9. To perform a bulk upload, click Bulk Upload Users.
    The Bulk Upload Users dialog appears.

  10. Select your CSV file and click Upload.

Add or remove users from the Cloud Directory admins group

Manage the Cloud Directory Admins group. If a user is unable to log in to the Akamai Enterprise Center, complete this procedure to make sure that the user is part of the Cloud Directory admin group.

  1. Log in to Enterprise Center.

  2. In the Enterprise Center navigation menu, select Application Access > Identity & Users > Directories.

  3. Select Cloud Directory to open it.

  4. Click Groups.

  5. Locate the Admins group.

  6. To add a user to the group, click the down indicator next to the number of Admins' group members.
    A list of existing users displays.

  7. Filter and select the required user or users from the list. Click Associate.

  8. To edit user memberships for the admin group, select or deselect a user or users, and click Associate.

  9. Click Save.

Overlay groups

To add users to different groups in Active Directory (AD) or a Lightweight Directory Access Protocol (LDAP) directory, you can either create a new group in AD or LDAP or create an overlay group. For already imported user groups, you can add users to the overlay group and grant them permissions through it. Overlay groups can be thought of as a shortcut to creating a group in AD or LDAP. An overlay group is limited to one EAA directory.

Create an overlay group

  1. Log in to Enterprise Center.

  2. In the Enterprise Center navigation menu, select Application Access > Identity & Users > Directories.

  3. Select your directory to open it.

  4. Click Groups.

  5. In the Groups menu, select Overlay Groups.

  6. Click Add New Group (+).

  7. Enter an Overlay Group name.

  8. Click Save group changes and next Save.
    You return to the Directory Groups page.

  9. Click Sync Directory.
    Clicking Sync Directory runs a synchronization immediately so the new group is available; otherwise the automatic sync occurs every six hours.

Next, add users to the overlay group.

Add users to an overlay group

  1. Log in to Enterprise Center.

  2. In the Enterprise Center navigation menu, select Application Access > Identity & Users > Directories.

  3. Select your directory to open it.

  4. Click Groups.

  5. In the Groups menu, select Overlay Groups.

  6. Identify the overlay group to edit.

  7. To add a user to the group, click the down indicator next to the number of group members.
    A list of existing users displays.

  8. Filter and select users from the list. Click Associate.

  9. Click Save.

  10. Click Sync Directory.
    The automatic directory synchronization takes place every six hours. If you want the directory changes to take effect immediately, sync it manually.
