Authentication types

Egnyte supports three types of authentication:

  • Egnyte - authentication with Egnyte credentials.
  • SSO - authentication with a Single Sign-On provider like Azure, Okta, AD FS, etc.
  • AD - authentication with Active Directory Domain Controller.

Each user can be assigned a different authentication type. The authentication type is configured in the account settings.

This article focuses on the last authentication type - AD.

Prerequisites

Your Domain Controller must be reachable from the Internet for this to work. Limit that exposure to the following ports and source addresses:

Ports:

  • 636 - LDAPS (LDAP over TLS)
  • 3269 - LDAPS to the global catalog; open it only if you use the global catalog

Do not expose the unencrypted LDAP ports 389 and 3268 in production.

IPs for firewall whitelisting:

Location      Default IP subnet / address
West Coast    162.216.251.0/24
              35.236.56.251
              34.94.215.52
              34.94.100.159
East Coast    162.216.252.0/24
Europe        162.216.250.0/24
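The following is an added example, not part of the Egnyte article: a Windows Firewall rule on the Domain Controller itself that admits LDAPS only from the Egnyte addresses in the table above, followed by a listing of any inbound rule that still opens the plaintext ports. It assumes Windows Server with the NetSecurity module and that the DC is the host terminating TLS; the rule name and the $UseGlobalCatalog switch are this example's own. The same allow list should also be applied on your perimeter firewall.

```powershell
# Added example (not Egnyte's own code): host-firewall allow list for LDAPS on a DC.
# Egnyte source ranges/addresses, copied from the table above (verify against the current article).
$EgnyteSources = @(
    '162.216.251.0/24',   # West Coast
    '35.236.56.251',
    '34.94.215.52',
    '34.94.100.159',
    '162.216.252.0/24',   # East Coast
    '162.216.250.0/24'    # Europe
)

# Open 3269 only if Egnyte is configured to query the global catalog.
$UseGlobalCatalog = $false
$Ports = @(636)
if ($UseGlobalCatalog) { $Ports += 3269 }

$RuleName = 'Egnyte LDAPS inbound (allow-listed sources)'   # hypothetical rule name

# Remove any previous version of the rule so that re-running the script is idempotent.
Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue | Remove-NetFirewallRule

New-NetFirewallRule -DisplayName $RuleName `
    -Direction Inbound -Protocol TCP -LocalPort $Ports `
    -RemoteAddress $EgnyteSources -Action Allow -Profile Any | Out-Null

# Show the effective port and address scope of the new rule for review.
$rule = Get-NetFirewallRule -DisplayName $RuleName
$rule | Get-NetFirewallPortFilter    | Select-Object Protocol, LocalPort
$rule | Get-NetFirewallAddressFilter | Select-Object RemoteAddress

# The plaintext ports must not be reachable from the Internet. List every enabled
# inbound rule that still admits 389 or 3268 so it can be scoped to the LAN or disabled.
Get-NetFirewallRule -Direction Inbound -Enabled True |
    Where-Object { ($_ | Get-NetFirewallPortFilter).LocalPort -match '^(389|3268)$' } |
    Select-Object DisplayName, Profile
```

The last query usually lists the built-in "Active Directory Domain Controller - LDAP" rules; leave them for domain members on the internal network but make sure nothing forwards 389 or 3268 from the Internet to the DC.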

Scenarios

Two basic scenarios cover most cases.

  • Scenario 1: Only one BindDN is specified, and all users in Active Directory have the same domain in their UPNs.
    Example user UPNs:
    user1@acme.com
    user2@acme.com
    user3@acme.com

  • Scenario 2: Multiple BindDNs would be needed, because users in Active Directory have different domains in their UPNs.
    Example user UPNs:
    user1@acme.us
    user2@acme.uk
    user3@acme.eu

Navigate to Security and Authentication settings and enable LDAP authentication:


Scenario 1:

Fill in all fields with your data and credentials, as shown in the examples.

Please remember to test your settings before saving.


Scenario 2:

Multiple BindDNs are not supported. Instead, configure the login name in the pre-Windows 2000 (NetBIOS) format, e.g., ACME\user1: the NetBIOS domain prefix is usually the same for every user in the AD domain, regardless of the UPN suffix, so one setting covers all of them.

Example configuration: (screenshot not reproduced)
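To confirm whether Scenario 2 applies to your domain before changing the Egnyte settings, the following added example (not from the Egnyte article) lists the distinct UPN suffixes in use and the single NetBIOS prefix that can replace one BindDN per suffix. It assumes the ActiveDirectory RSAT module on a domain-joined host; the output format is this example's own.

```powershell
# Added example (not Egnyte's own code): which scenario does this domain fall into?
Import-Module ActiveDirectory

$domain  = Get-ADDomain
$netbios = $domain.NetBIOSName          # the pre-Windows 2000 prefix, e.g. ACME

# Every user that has a UPN, grouped by the part after '@'.
$users = Get-ADUser -Filter 'UserPrincipalName -like "*"' -Properties UserPrincipalName, SamAccountName
$suffixes = $users |
    ForEach-Object { ($_.UserPrincipalName -split '@', 2)[1].ToLower() } |
    Group-Object | Sort-Object Count -Descending

"Domain DNS name   : $($domain.DNSRoot)"
"Pre-Win2000 name  : $netbios"
"UPN suffixes seen : $($suffixes.Count)"
$suffixes | Select-Object @{n='UPN suffix'; e={$_.Name}}, Count | Format-Table -AutoSize

if ($suffixes.Count -gt 1) {
    "Multiple UPN suffixes: configure Egnyte with the ${netbios}\ prefix (Scenario 2)."
} else {
    "Single UPN suffix: one BindDN is enough (Scenario 1)."
}

# Show the first few users in both forms, for a quick login test after the change.
$users | Select-Object -First 3 |
    ForEach-Object { "{0,-30} -> {1}\{2}" -f $_.UserPrincipalName, $netbios, $_.SamAccountName }
```

If the forest contains several domains, run the check against each one; the NetBIOS prefix is per domain, so users from a second domain would need their own prefix.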

Additional notes:

  • ADKit does not sync passwords to Egnyte, so AD passwords are never stored in Egnyte's databases.
  • During authentication, Egnyte's servers forward the login to your Domain Controller over LDAPS; the Domain Controller verifies the password.
  • Troubleshooting steps:
      • Check the credentials (bind account and test user) against your Domain Controller.
      • Check that LDAPS is enabled and its certificate is configured correctly on your AD Domain Controller.
      • Check the firewall settings (that the proper ports are open and that the Egnyte IPs are added to the exceptions).
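The three troubleshooting steps above can be exercised in one run from a host outside your network, by doing what Egnyte's servers do at login: connect to port 636, complete the TLS handshake and perform a simple bind with the service account. The script below is an added example, not part of the Egnyte article; the hostname and account are placeholders, and it uses the .NET System.DirectoryServices.Protocols client rather than any Egnyte tooling. Each stage fails for a different cause, which tells you which of the three checks to pursue.

```powershell
# Added example (not Egnyte's own code): LDAPS reachability, certificate and bind test.
Add-Type -AssemblyName System.DirectoryServices.Protocols

$DcHost   = 'dc1.acme.com'          # placeholder; must match a SAN in the DC's certificate
$Port     = 636                     # 3269 if you use the global catalog
$BindUser = 'ACME\svc-egnyte'       # placeholder; use the same form as in the Egnyte settings
$BindPass = Read-Host -AsSecureString 'Bind password'

# Firewall check: a failure here means the port or the source address is not allowed.
if (-not (Test-NetConnection -ComputerName $DcHost -Port $Port -InformationLevel Quiet)) {
    throw "TCP $Port to $DcHost is not reachable; check the perimeter and host firewall."
}

# LDAPS check: TLS handshake and certificate inspection. The default validation
# callback rejects an untrusted chain or a name mismatch, which is what you want to see.
$tcp = New-Object System.Net.Sockets.TcpClient($DcHost, $Port)
$ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false)
try {
    $ssl.AuthenticateAsClient($DcHost)
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    "TLS {0}  subject={1}  issuer={2}  expires={3:u}" -f $ssl.SslProtocol, $cert.Subject, $cert.Issuer, $cert.NotAfter
} finally {
    $ssl.Dispose(); $tcp.Dispose()
}

# Credentials check: simple bind over LDAPS with the service account.
$id   = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier($DcHost, $Port)
$conn = New-Object System.DirectoryServices.Protocols.LdapConnection($id)
$conn.SessionOptions.SecureSocketLayer = $true
$conn.SessionOptions.ProtocolVersion   = 3
$conn.AuthType   = [System.DirectoryServices.Protocols.AuthType]::Basic
$conn.Credential = New-Object System.Net.NetworkCredential($BindUser, $BindPass)
try {
    $conn.Bind()
    "Bind OK as $BindUser"
} catch [System.DirectoryServices.Protocols.LdapException] {
    "Bind failed: $($_.Exception.Message) (server: $($_.Exception.ServerErrorMessage))"
} finally {
    $conn.Dispose()
}
```

Run it from a machine that does not trust your internal CA if you want to see what an external client sees. If the handshake fails with a trust error, fix the certificate chain on the Domain Controller rather than adding a validation callback that ignores it; an LDAPS listener whose certificate cannot be validated gives no protection against interception of the credentials being forwarded.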