Active Directory Authentication

Authentication Types

Egnyte supports three types of authentication:

  • Egnyte - authentication with Egnyte credentials.
  • SSO - authentication with a Single Sign-On provider like Azure, Okta, AD FS, etc.
  • AD - authentication with Active Directory Domain Controller. 

Users can have different authentication types. Authentication can be set up in account settings.

This article focuses on the last authentication type - AD.

Prerequisites

Your Domain Controller should be reachable from the Internet. We recommend limiting this exposure to the following ports and source IP addresses:

Ports:

  • 636
  • 3269 - only if you use a global catalog

Please do not use non-encrypted ports 389 and 3268 in production mode.

IPs for firewall whitelisting:

Location      Default IP Subnet Address
West Coast    162.216.251.0/24, 35.236.56.251, 34.94.215.52, 34.94.100.159
East Coast    162.216.252.0/24, 34.85.149.135, 34.150.210.15, 34.85.245.110
Europe        162.216.250.0/24, 35.190.199.51, 104.155.27.98, 34.78.25.130

Scenarios

Two basic scenarios cover most cases.

  • Scenario 1: There is only one BindDN specified, and all users in Active Directory have the same domain in their UPNs.
    Example user UPNs:
    user1@acme.com
    user2@acme.com
    user3@acme.com

  • Scenario 2: There are multiple BindDNs specified, and users in Active Directory have different domains in their UPNs.
    Example user UPNs:
    ACME.us\User1
    ACME.eu\User2
    ACME.uk\User3

Navigate to Security and Authentication settings and enable LDAP authentication:

WebUI_webui_redesign_Active_Directory_Authentication_1.gif

Scenario 1:

Fill in all fields with your data and credentials, as shown in the examples.

Please remember to test your settings before saving.

WebUI_webui_redesign_Active_Directory_Authentication_2.jpeg

Scenario 2:

By default, multiple BindDNs are not supported. However, you can use the prefix from the pre-Windows 2000 format (e.g., ACME\user1), because it is usually the same for all users in an AD.

Example configuration:

WebUI_webui_redesign_Active_Directory_Authentication_3.jpeg

Additional Notes

  • ADKit does not sync passwords with Egnyte, so they are not stored in our databases.
  • During the authentication process, Egnyte servers ask the Domain Controller for authentication via the LDAPS protocol.
  • Troubleshooting steps:
      • Check your credentials in your Domain Controller. 
      • Check if LDAPS is enabled and configured correctly in your AD.
      • Check if firewall settings are correct (if proper ports are open and if Egnyte IPs are added to exceptions).
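
For the firewall check in the last troubleshooting step, the following added example (not Egnyte's own code) audits inbound connections to the Domain Controller against the ports and source IPs listed under Prerequisites. The "ACTION SRC DPORT" log format, the sample lines and all function names are assumptions made for this example.

```python
import ipaddress

# Egnyte source ranges copied from the allowlist on this page.
EGNYTE_SOURCES = {
    "West Coast": ["162.216.251.0/24", "35.236.56.251", "34.94.215.52", "34.94.100.159"],
    "East Coast": ["162.216.252.0/24", "34.85.149.135", "34.150.210.15", "34.85.245.110"],
    "Europe": ["162.216.250.0/24", "35.190.199.51", "104.155.27.98", "34.78.25.130"],
}
ENCRYPTED_PORTS = {636, 3269}   # LDAPS, global catalog over TLS
CLEARTEXT_PORTS = {389, 3268}   # not for production, per the page
NETWORKS = [(loc, ipaddress.ip_network(n)) for loc, nets in EGNYTE_SOURCES.items() for n in nets]

def egnyte_location(src):
    """Return the Egnyte location whose range contains src, or None."""
    addr = ipaddress.ip_address(src)
    return next((loc for loc, net in NETWORKS if addr in net), None)

def classify(src, port, action):
    """Classify one inbound connection to the Domain Controller."""
    loc = egnyte_location(src)
    allowed = action == "ALLOW"
    if port in CLEARTEXT_PORTS:
        return "cleartext-exposed" if allowed else "ok"
    if port in ENCRYPTED_PORTS:
        if loc and not allowed:
            return "egnyte-blocked"      # AD authentication will fail
        if not loc and allowed:
            return "overexposed"         # reachable from outside the allowlist
        return "ok"
    return "overexposed" if allowed else "ok"  # any other port open to the Internet

def audit(log_lines):
    """Parse 'ACTION SRC DPORT' lines; return (line, finding) for each problem."""
    findings = []
    for line in log_lines:
        action, src, port = line.split()
        verdict = classify(src, int(port), action.upper())
        if verdict != "ok":
            findings.append((line, verdict))
    return findings

# Constructed sample firewall log (the format is an assumption for this example).
SAMPLE_LOG = ["ALLOW 162.216.251.17 636", "DENY 34.85.149.135 636", "ALLOW 203.0.113.40 636",
              "ALLOW 35.190.199.51 389", "DENY 198.51.100.9 3268"]

if __name__ == "__main__":
    for line, finding in audit(SAMPLE_LOG):
        print(f"{finding:18} {line}")
```

An "egnyte-blocked" finding points to a missing firewall exception, while "overexposed" and "cleartext-exposed" point to rules that are wider than the prerequisites recommend.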
