Authentication Types
Egnyte supports three types of authentication:
- Egnyte - authentication with Egnyte credentials.
- SSO - authentication with a Single Sign-On provider like Azure, Okta, AD FS, etc.
- AD - authentication with Active Directory Domain Controller.
Users can have different authentication types; the type is configured per user in account settings. This article covers the last type, AD.
Prerequisites
- Your Domain Controller must be reachable from Egnyte's servers over the Internet. Limit that exposure to the LDAPS ports below and to Egnyte's source IP addresses only:
- 636 (LDAPS)
- 3269 (global catalog over LDAPS) - only if you use a global catalog
- IP addresses for firewall whitelisting: refer to Egnyte-Hostnames-for-Firewall-Rules
Do not use the plaintext LDAP ports 389 and 3268 in production: a simple bind over them sends the BindDN password in the clear.
Scenarios
Two basic scenarios cover most cases.
- Scenario 1: There is only one BindDN specified, and all users in Active Directory have the same domain suffix in their UPNs.
Example of user UPNs:
user1@acme.com
user2@acme.com
user3@acme.com
- Scenario 2: There are multiple BindDNs specified, and users in Active Directory have different domains in their UPNs.
Example of user logon names, shown in domain\user form:
ACME.us\User1
ACME.eu\User2
ACME.uk\User3
Navigate to Settings > Security and Authentication and enable LDAP authentication:
Scenario 1:
Fill in all fields with your data and credentials, as shown in the examples.
Please remember to test your settings before saving.
Scenario 2:
By default, multiple BindDNs are not supported. The workaround is to use the pre-Windows 2000 (NetBIOS domain) prefix instead of the UPN suffix, e.g. ACME\user1, because that prefix is usually the same for all users in the AD forest.
Example configuration:
Additional Notes
- Users must manually refresh the page after configuring AD authentication details in Egnyte.
- ADKit does not sync passwords to Egnyte, so user passwords are never stored in Egnyte's databases.
- During authentication, Egnyte's servers validate the user's credentials against your Domain Controller over LDAPS.
- Troubleshooting steps:
- Verify the BindDN and its password directly against your Domain Controller.
- Check that LDAPS is enabled on the Domain Controller and that it presents a valid, trusted certificate for its hostname.
- Check the firewall settings: the LDAPS port (636, or 3269 for a global catalog) must be open and Egnyte's IP addresses must be in the allow-list.
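The following PowerShell script is an added example, not Egnyte's own tooling. It runs the three troubleshooting checks above from a Windows host (Windows PowerShell 5.1) that can reach the Domain Controller: TCP reachability of the LDAPS port, validation of the TLS certificate the DC presents, and an LDAPS bind plus user lookup using the BindDN. The hostname, BindDN and test user are placeholders; the test user can be given either as a UPN (Scenario 1) or in the DOMAIN\user form (Scenario 2).

```powershell
# Added example, not Egnyte's own tooling. Checks LDAPS reachability, the DC's TLS
# certificate, and a BindDN bind + user lookup. All names below are placeholders.
param(
    [string]$DomainController = 'dc01.acme.com',                          # placeholder
    [int]$Port = 636,                                                     # use 3269 for a global catalog
    [string]$BindDN = 'CN=egnyte-svc,OU=Service Accounts,DC=acme,DC=com', # placeholder
    [string]$TestUser = 'user1@acme.com'                                  # UPN (Scenario 1) or ACME\user1 (Scenario 2)
)

Add-Type -AssemblyName System.DirectoryServices.Protocols

function Escape-LdapFilterValue([string]$v) {
    # RFC 4515 escaping so a supplied value cannot change the meaning of the filter
    $v -replace '\\', '\5c' -replace '\*', '\2a' -replace '\(', '\28' -replace '\)', '\29' -replace "`0", '\00'
}

# Check 1: is the LDAPS port open from here? Firewall or allow-list problems show up as a closed port.
$tcp = Test-NetConnection -ComputerName $DomainController -Port $Port -WarningAction SilentlyContinue
if (-not $tcp.TcpTestSucceeded) {
    throw "TCP $Port on $DomainController is not reachable; check firewall rules and the Egnyte IP allow-list."
}
"TCP $Port on $DomainController reachable"

# Check 2: does the DC present a certificate this host trusts for its hostname?
# AuthenticateAsClient validates chain and hostname and throws if either fails.
$client = New-Object System.Net.Sockets.TcpClient($DomainController, $Port)
$ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false)
try {
    $ssl.AuthenticateAsClient($DomainController)
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    "TLS OK: subject=$($cert.Subject) issuer=$($cert.Issuer) expires=$($cert.NotAfter)"
} finally {
    $ssl.Dispose()
    $client.Dispose()
}

# Check 3: can the BindDN bind over LDAPS and find the test user?
$cred = Get-Credential -UserName $BindDN -Message 'Password for the BindDN'
$server = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier($DomainController, $Port)
$conn = New-Object System.DirectoryServices.Protocols.LdapConnection($server, $cred.GetNetworkCredential(), 'Basic')
$conn.SessionOptions.SecureSocketLayer = $true   # LDAPS only, never plaintext 389/3268
$conn.SessionOptions.ProtocolVersion = 3
try {
    $conn.Bind()   # LdapException with result code 49 means the BindDN or its password is wrong
    "Bind OK as $BindDN"

    # Read the domain naming context from RootDSE instead of hard-coding DC=acme,DC=com
    $rootReq = New-Object System.DirectoryServices.Protocols.SearchRequest('', '(objectClass=*)', 'Base', 'defaultNamingContext')
    $rootDse = [System.DirectoryServices.Protocols.SearchResponse]$conn.SendRequest($rootReq)
    $baseDn = [string]$rootDse.Entries[0].Attributes['defaultNamingContext'][0]

    # Scenario 1 identifies users by UPN; Scenario 2 uses the pre-Windows 2000 DOMAIN\user
    # form, whose user part maps to sAMAccountName.
    if ($TestUser -match '^[^\\]+\\(.+)$') {
        $filter = "(sAMAccountName=$(Escape-LdapFilterValue $Matches[1]))"
    } else {
        $filter = "(userPrincipalName=$(Escape-LdapFilterValue $TestUser))"
    }
    $userReq = New-Object System.DirectoryServices.Protocols.SearchRequest($baseDn, $filter, 'Subtree', @('sAMAccountName', 'userPrincipalName'))
    $userResp = [System.DirectoryServices.Protocols.SearchResponse]$conn.SendRequest($userReq)
    if ($userResp.Entries.Count -eq 0) {
        throw "No account matches $filter under $baseDn; check the user's UPN suffix or NetBIOS domain prefix."
    }
    $entry = $userResp.Entries[0]
    "Found $($entry.DistinguishedName) (sAMAccountName=$($entry.Attributes['sAMAccountName'][0]), UPN=$($entry.Attributes['userPrincipalName'][0]))"
} finally {
    $conn.Dispose()
}
```

Run the script from a machine outside your network (or from a host whose source address is in the same firewall rule as Egnyte's IPs) so that check 1 exercises the same path Egnyte's servers use. A failure in check 2 with an untrusted-chain error means the DC's LDAPS certificate is self-signed or issued by a CA the client does not trust, which is the most common reason LDAPS "is enabled" but authentication still fails.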