Configuring authentication settings

You can configure OnCommand Workflow Automation (WFA) to use a Microsoft Active Directory (AD) Lightweight Directory Access Protocol (LDAP) server for authentication and authorization.

Before you begin

You must have configured a Microsoft AD LDAP server in your environment.

About this task

Only Microsoft AD LDAP authentication is supported for WFA. You cannot use any other LDAP authentication methods, including Microsoft AD Lightweight Directory Services (AD LDS) or Microsoft Global Catalog.

Note: During communication, LDAP sends the user name and password in plain text. However, LDAPS (LDAP secure) communication is encrypted and secure.

Steps

  1. Log in to WFA through a web browser as an admin.
  2. Click Settings, and under Setup click Authentication.
  3. Select the Enable Active Directory check box.
  4. Enter the required information in the fields:
    1. Optional: If you want to use the user@domain format for domain users, replace sAMAccountName with userPrincipalName in the User name attribute field.
    2. Optional: If unique values are required for your environment, edit the required fields.
    3. Enter the AD server URI as follows: ldap://active_directory_server_address[:port]
      Example
      ldap://NB-T01.example.com[:389]

      If you have enabled LDAP over SSL, you can use the following URI format: ldaps://active_directory_server_address[:port]

    4. Add a list of AD group names to the required roles.
      Note: You can add a list of AD group names to the required roles in the Active Directory Groups Window.
  5. Click Save.
  6. Optional: If LDAP connectivity to an array is required, configure the WFA service to log on as the required domain user:
    1. Open the Windows services console by using services.msc.
    2. Double-click the NetApp WFA Server service.
    3. In the NetApp WFA Server Properties dialog box, click the Log On tab, and then select This account.
    4. Enter the domain user name and password, and then click OK.
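
The following is an added example, not part of the original documentation or of WFA: a pre-check for the value entered in the AD server URI field. It applies the URI format, the plain-text note, and the Global Catalog restriction described above. The function name check_ad_uri, the finding texts, and the dc01.example.com host are assumptions. Ports 389/636 and 3268/3269 are the standard LDAP/LDAPS and Global Catalog ports.

```python
import re
from urllib.parse import urlsplit

DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}      # standard LDAP / LDAPS ports
GLOBAL_CATALOG_PORTS = {3268, 3269}              # AD Global Catalog (plain / SSL)


def check_ad_uri(uri):
    """Validate a WFA 'AD server URI' value; return (normalized_uri, findings)."""
    findings = []
    raw = uri.strip()
    # In the documented syntax the brackets only mark the port as optional.
    cleaned = re.sub(r"\[:(\d+)\]$", r":\1", raw)
    if cleaned != raw:
        findings.append("literal brackets around the port were removed")
    parts = urlsplit(cleaned)
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS:
        raise ValueError(f"scheme must be ldap or ldaps, got {parts.scheme!r}")
    if not parts.hostname:
        raise ValueError("missing Active Directory server address")
    port = parts.port or DEFAULT_PORTS[scheme]   # raises ValueError on a bad port
    if scheme == "ldap":
        findings.append("ldap:// sends the user name and password in plain text; "
                        "use ldaps:// where LDAP over SSL is enabled")
    if port in GLOBAL_CATALOG_PORTS:
        findings.append(f"port {port} is the Global Catalog, which WFA does not support")
    elif port == DEFAULT_PORTS["ldaps" if scheme == "ldap" else "ldap"]:
        findings.append(f"port {port} is the default for the other scheme, not {scheme}://")
    host = f"[{parts.hostname}]" if ":" in parts.hostname else parts.hostname
    return f"{scheme}://{host}:{port}", findings


if __name__ == "__main__":
    # Constructed sample values, not taken from a real environment.
    for sample in ("ldap://NB-T01.example.com[:389]",
                   "ldaps://dc01.example.com",
                   "ldaps://dc01.example.com:3269"):
        normalized, notes = check_ad_uri(sample)
        print(normalized)
        for note in notes:
            print("  -", note)
```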