Active Directory Authentication

Authentication Types

Egnyte supports three types of authentication:

  • Egnyte - authentication with Egnyte credentials.
  • SSO - authentication with a Single Sign-On provider like Azure, Okta, AD FS, etc.
  • AD - authentication against an Active Directory Domain Controller.

Users can have different authentication types. Authentication can be set up in account settings. This article focuses on the last authentication type - AD.

Prerequisites

  • Your Domain Controller should be exposed to the Internet. Our recommendation is to limit this exposure to the following ports:
    • 636
    • 3269 - only if you use a global catalog
  • IP addresses for firewall whitelisting: Refer to Egnyte-Hostnames-for-Firewall-Rules

We do not recommend using the unencrypted ports 389 and 3268 in production.

Scenarios

Two basic scenarios cover most cases.

  • Scenario 1: There is only one BindDN specified, and all users in Active Directory have the same domain in their UPNs.
    Example user UPNs:
    user1@acme.com
    user2@acme.com
    user3@acme.com

  • Scenario 2: There are multiple BindDNs specified, and users in Active Directory have different domains in their UPNs.
    Example user UPNs:
    ACME.us\User1
    ACME.eu\User2
    ACME.uk\User3

Navigate to Settings > Security and Authentication and enable LDAP authentication:

[Screenshot: enabling LDAP authentication under Settings > Security and Authentication]

Scenario 1:

Fill in all fields with your data and credentials, as shown in the examples.

Please remember to test your settings before saving.

[Screenshot: Active Directory settings, Scenario 1]

Scenario 2:

By default, multiple BindDNs are not supported. However, you can use the prefix from the pre-Windows 2000 logon format, because it is usually the same for all users in the AD, e.g., ACME\user1.

Example configuration:

[Screenshot: Active Directory settings, Scenario 2 example configuration]

Additional Notes

  • Users must manually refresh the page after configuring AD authentication details in Egnyte.
  • ADKit does not sync passwords with Egnyte, so they are not stored in our databases.
  • During the authentication process, Egnyte servers ask the Domain Controller to authenticate the user over the LDAPS protocol.
  • Troubleshooting steps:
      • Check your credentials in your Domain Controller. 
      • Check if LDAPS is enabled and configured correctly in your AD.
      • Check if firewall settings are correct (if proper ports are open and if Egnyte IPs are added to exceptions).
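
The LDAPS and firewall checks above can be scripted. The following is an added example, not Egnyte's code. It assumes it is run from an external test host that the firewall admits under the same rule as the Egnyte IPs, and that this host trusts the CA that issued the Domain Controller's certificate; the host name and the `--gc` flag are this script's own arguments.

```python
import socket
import ssl

# Port policy taken from the prerequisites in this article.
LDAPS_PORTS = {636: "LDAPS", 3269: "global catalog over LDAPS"}
CLEARTEXT_PORTS = {389: "LDAP", 3268: "global catalog"}

def probe(host, port, timeout=5.0):
    """Return 'closed', 'open' (TCP only), 'tls-ok' or 'tls-error: <reason>'."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "closed"
    with sock:
        if port not in LDAPS_PORTS:
            return "open"
        ctx = ssl.create_default_context()  # verifies chain and host name
        try:
            with ctx.wrap_socket(sock, server_hostname=host):
                return "tls-ok"
        except (ssl.SSLError, OSError) as exc:
            return f"tls-error: {exc}"

def assess(results, uses_global_catalog=False):
    """Turn {port: probe state} into a list of findings; empty means pass."""
    findings = []
    required = [636] + ([3269] if uses_global_catalog else [])
    for port in required:
        state = results.get(port, "closed")
        if state != "tls-ok":
            findings.append(f"{port} ({LDAPS_PORTS[port]}): expected tls-ok, got {state}")
    if not uses_global_catalog and results.get(3269, "closed") != "closed":
        findings.append("3269 is reachable but no global catalog is in use")
    for port, name in CLEARTEXT_PORTS.items():
        if results.get(port, "closed") != "closed":
            findings.append(f"{port} ({name}): unencrypted port is reachable")
    return findings

def check(host, uses_global_catalog=False):
    """Probe all four ports on host and assess them against the policy."""
    ports = list(LDAPS_PORTS) + list(CLEARTEXT_PORTS)
    return assess({p: probe(host, p) for p in ports}, uses_global_catalog)

if __name__ == "__main__":
    import sys
    for line in check(sys.argv[1], "--gc" in sys.argv[2:]) or ["OK"]:
        print(line)
```

A `tls-error` result on 636 usually points at the Domain Controller's certificate (expired, issued for a different name, or signed by a CA the client does not trust), while `closed` points at the firewall rule.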


For technical assistance, please contact us.