AD Authentication in Hosting Controller version 10

 

AD Authentication in Hosting Controller

Hosting Controller now allows Active Directory groups and user authentication modes to access the various provisioning tiers of the control panel and perform related activities at their respective levels. The mechanism of Active Directory Authentications is explained briefly in this document.
 
Inside HC panel, there are 3 types of Authentications using which a user can login into the HC10 control panel and perform certain operations according to the role assigned to it. These Authentication Settings are explained below:
 
 
  • Internal HC Authentication
  • External AD-User Authentication
  • External AD-Group Authentication

Internal HC Authentication:
This is default mechanism of Hosting Controller authentication i.e. All users (Global Admins, Resellers, Clients) are created in HC backend Database which is stored inside Microsoft SQL Server and when these user’s login into HC10 panel then their authentication is carried out from HC Database.
 
External AD-User Authentication:
If “External AD-User Authentication” is enabled then all users (GlobalAdmin, Resellers and clients) are created as Active Directory Users which is configured inside HC panel.  For this following step are needed to be carried out:
 
 
  • Login as Global Admin.
  • Navigate to Configurations >> Panel Conf. >> Auth Settings
  • Select Authentication Type as “External AD-User Authentication”.
  • Provide details of Domain Controller, Domain Administrator Credentials and Root Organization Unit under which each AD User account created via HC10 will be located.
  • Click on Check Connectivity button and then save the settings upon successful connection.
**If you are already running HC Panel and now selecting AD Authentication then make sure, Panel users are existed with same name in the active directory.
 
Note : To configure External AD-User Authentication , apiadmin user must be created under the Root Organizational Unit shown in above diagram and its password should be specified in HC10 panel under Control Panel Users >>  Staff Members >> Edit User >> Change Password. After it, Change the apiadmin user in HC10 panel from Control Server Manager >> Control Servers >> Edit by clicking on change apiadmin user and then save button.
 
 
 
External AD-Group Authentication:
If “External AD-Group Authentication” is selected in HC panel, then all the Roles Global Admin, Resellers, Clients are added as Security Groups in Active Directory under the Root Organizational Unit which is configured in HC10 panel. Upon making any AD User member of the Reseller Group, those users will be allowed to login using their AD credentials and will be assigned the privileges of a reseller. Same is true for all other Group Roles. Given below are the steps to configure these authentication settings,
 
 
  • Login as Global Admin.
  • Navigate to Configurations >> Panel Conf. >> Auth Settings
  • Select Authentication Type as “External AD-Group Authentication”.
  • Provide details of Domain Controller, Domain Administrator Credentials and Root Organization Unit under which each role GlobalAdmin, Resellers or Clients will be added as AD Group inside Active Directory.
  • Click on Check Connectivity button and then save the settings upon successful connection.​
**If you are already running HC Panel and now selecting AD Group Authentication then make sure, Groups are existed with same name as Panel user in the active directory
 
Note : To configure External AD-Group Authentication , apiadmin Group must be created under the Root Organizational Unit shown in above diagram. After this you will create a user belonging to this apiadmin group in Active Directory and its password will be specified in HC10 panel at Control Server Manager >> Control Servers >> Edit by specifying "AD Username" and "AD User Password" respectively. 
 
 
See above screenshot for clarity where HCUser is member of apiadmin Group in AD. Specify its credentials in the below page and then click on Save button.
 
Benefits of Granting Group Access to the Panel
  • The entire notion of granting group level access to the panel revolves around the ability to have multi-user access for the same level.  Multiple users of the same AD group can login to the panel, with their respective credentials and perform desired tasks.
  • Most organizations require their existing AD user base to login directly to an automation solution, using their AD credentials. Hosting Controller fulfills the desired objective by making AD-User or AD-Group authentication possible.
  • Each individual user can be held accountable for his actions. User audit across user base can easily be made possible.