Manage user domains

When certain on-premises Active Directory users cannot log in to Token Vault because they do not have permission to retrieve user and group membership data from Active Directory, access to the Active Directory domains must be configured.

This setting is available only when On-premises or Microsoft Entra ID and on-premises is selected for Active Directory Type.

To configure access to Active Directory domains:

  1. Select On-premises or Microsoft Entra ID and on-premises as the Active Directory Type.
  2. Click Manage user domains under Active Directory settings group.

    The Manage user domains page with the list of configured domain names is displayed.

  3. Click Register new to configure Active Directory access to a new domain.
  4. On the Add new domain page, enter the Domain name.
  5. As Domain controller host, specify the host name of the domain controller server, or leave it blank to use the Domain name as the domain controller server host name.

    Users whose Active Directory objects are managed by the specified Domain controller host must use the Domain name as the domain part of their username in DOMAIN\USERNAME format when logging in to Token Vault.

  6. As Base DN, specify the distinguished name of the Active Directory container under which the user objects are located, or leave it blank to use the default "Users" container (CN=Users,DC=yourDomain,DC=COM) and "Computers" container (CN=Computers,DC=yourDomain,DC=COM) as the search roots.
  7. Select the Directory access type used to retrieve user and group data from Active Directory.

    The possible values of this configuration setting include:

    • Use end-user's credentials: user and group data are retrieved from Active Directory with the logged-in user's own credentials.

    • Use specified credentials: user and group data are retrieved from Active Directory with the credentials of the specified service user.

  8. For the "Use end-user's credentials" directory access type, specify a set of user credentials (User name for testing and Password for testing) used to test access to the specified Active Directory domain controller and the retrieval of user and group data from it.

    For the "Use specified credentials" directory access type, specify the service user credentials (Username and Password) used to access the specified Active Directory domain controller and retrieve user and group data from it. The Username must be specified in DOMAIN\USERNAME format.

  9. Click Save.

    The Manage user domains page with the list containing the configured domain names is displayed.

    To edit a domain configuration, click the Edit button belonging to a list item and modify the same settings as above on the Edit domain page.

    To remove a domain configuration, mark the checkbox of a list item and click Remove.
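As an added illustration (not Token Vault's own code), the following Python models how the settings above resolve for a login: the Domain controller host and Base DN defaults, and which credentials are used to read the directory under each Directory access type. Field names mirror the page; the domain names, hosts and users are constructed.

```python
"""Resolve the effective Active Directory access settings Token Vault would
use for a login, as described in the "Manage user domains" procedure.
Hypothetical helper (not Token Vault code); field names mirror the page."""
from dataclasses import dataclass
from typing import Optional


@dataclass
class DomainConfig:
    domain_name: str                      # e.g. "corp.example.com" (constructed)
    dc_host: Optional[str] = None         # blank -> the Domain name is used as host
    base_dn: Optional[str] = None         # blank -> default Users/Computers containers
    access_type: str = "end-user"         # "end-user" or "specified"
    service_user: Optional[str] = None    # DOMAIN\USERNAME, only for "specified"
    service_password: Optional[str] = None


def default_base_dns(domain_name: str) -> list[str]:
    """Default search roots: the Users and Computers containers of the domain.
    Assumes a DNS-style domain name (each label maps to a DC= component)."""
    dc_part = ",".join(f"DC={label}" for label in domain_name.split("."))
    return [f"CN=Users,{dc_part}", f"CN=Computers,{dc_part}"]


def parse_login(login: str) -> tuple[str, str]:
    """Split a DOMAIN\\USERNAME login into its parts; reject any other shape."""
    domain, sep, user = login.partition("\\")
    if not sep or not domain or not user:
        raise ValueError("username must be in DOMAIN\\USERNAME format")
    return domain, user


def resolve_bind(configs, login, password):
    """Return (dc_host, base_dns, bind_user, bind_password) for a login.

    "end-user": the directory is read with the logged-in user's own credentials.
    "specified": the configured service user is used instead.
    """
    domain, _user = parse_login(login)
    cfg = next((c for c in configs if c.domain_name.lower() == domain.lower()), None)
    if cfg is None:
        raise LookupError(f"no domain configuration registered for {domain}")
    dc_host = cfg.dc_host or cfg.domain_name
    base_dns = [cfg.base_dn] if cfg.base_dn else default_base_dns(cfg.domain_name)
    if cfg.access_type == "specified":
        parse_login(cfg.service_user or "")  # service user must also be DOMAIN\USERNAME
        return dc_host, base_dns, cfg.service_user, cfg.service_password
    return dc_host, base_dns, login, password
```

A login whose domain part matches no registered Domain name, or that is not in DOMAIN\USERNAME format, is rejected before any directory access is attempted.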