Configuring authentication settings

You can configure OnCommand Workflow Automation (WFA) to use a Microsoft Active Directory (AD) Lightweight Directory Access Protocol (LDAP) server for authentication and authorization.

Before you begin

You must have configured a Microsoft AD LDAP server in your environment.

About this task

Only Microsoft AD LDAP authentication is supported for WFA. You cannot use any other LDAP authentication methods, including Microsoft AD Lightweight Directory Services (AD LDS) or Microsoft Global Catalog.

Note: During communication, LDAP sends the user name and password in plain text. But LDAPS (LDAP secure) communication is encrypted and secure.


  1. Log in to WFA through a web browser as an admin.
  2. Click Administration > WFA Configuration.
  3. In the WFA Configuration dialog box, click the Authentication tab, and then select the Enable Active Directory check box.
  4. Enter the required information in the fields:
    1. Optional: If you want to use the user@domain format for domain users, replace sAMAccountName with userPrincipalName in the User name attribute field.
    2. Optional: If unique values are required for your environment, edit the required fields.
    3. Enter the AD server URI as follows: ldap://active_directory_server_address[:port]

      If you have enabled LDAP over SSL, you can use the following URI format: ldaps://active_directory_server_address[:port]

    4. Add a list of AD group names the required roles.
      Note: You can add a list of AD group names to the required roles in the Active Directory Groups Window.

      Adding Active Directory groups

  5. Click Save.