Active Directory Operator Authentication
Overview
Integriti Active Directory integration allows system operators to authenticate using their standard Windows domain credentials when logging into the Integriti System Designer or GateKeeper applications. This facilitates Single Sign-On (SSO) and centralizes operator account management within the corporate IT environment.
Authentication Modes
Operators can be configured to log in using one of three modes:
- Mixed Mode: Allows both Active Directory users and local Integriti operators to log in. This is the recommended mode for initial setup and testing.
- Active Directory: Restricts login access exclusively to Active Directory users.
- Built-In: Only accepts standard local Integriti operators (bypassing AD).
WARNING
Mixed Mode should always be used first to verify the AD connection. Switching directly to Active Directory mode without a properly configured AD group or operator mapping can result in a permanent software lockout.
Best Practice: Always maintain at least one built-in Integriti operator account for emergency access during network outages, domain controller failures, or administrative recovery.
Prerequisites
- License: An “Active Directory Operators” license is strictly required.
- Domain Membership: The PC running the Integriti Server must be a member of the target Windows Domain.
- AD Groups: Relevant operators must belong to Active Directory Security Groups that will be mapped to Integriti roles.
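The domain-side prerequisites above can be checked on the Integriti Server PC before leaving Mixed Mode. The script below is an added example, not part of the Integriti product or its documentation. It assumes Windows PowerShell 5.1 with the ActiveDirectory (RSAT) module; the group names are hypothetical placeholders, and it cannot see the Integriti license or which groups are mapped to Operator Types.

```powershell
# Added example: domain-side pre-flight check for AD operator authentication.
# Run in an elevated Windows PowerShell 5.1 session on the Integriti Server PC.
#Requires -Modules ActiveDirectory

# Assumption: replace with the AD Security Groups you intend to map to Operator Types.
$MappedGroups = @('Integriti-Admins', 'Integriti-Guards')
$problems = @()

# 1. The server PC must be a member of the target domain.
$cs = Get-CimInstance -ClassName Win32_ComputerSystem
if (-not $cs.PartOfDomain) {
    $problems += "Computer is not domain joined (workgroup: $($cs.Workgroup))."
} else {
    Write-Host "Domain member of: $($cs.Domain)"
    # A broken machine trust makes the domain controller unusable for logons.
    if (-not (Test-ComputerSecureChannel)) {
        $problems += "Secure channel to domain '$($cs.Domain)' is broken."
    }
}

# 2. Each group must exist, be a Security group, and hold an enabled user.
foreach ($name in $MappedGroups) {
    try {
        $group = Get-ADGroup -Identity $name -ErrorAction Stop
    } catch {
        $problems += "Group '$name' lookup failed: $($_.Exception.Message)"
        continue
    }
    if ($group.GroupCategory -ne 'Security') {
        $problems += "Group '$name' is a $($group.GroupCategory) group, not Security."
    }
    # -Recursive resolves nested groups down to the user accounts inside them.
    $enabled = @(Get-ADGroupMember -Identity $group -Recursive |
        Where-Object objectClass -eq 'user' |
        Get-ADUser |
        Where-Object Enabled)
    if ($enabled.Count -eq 0) {
        $problems += "Group '$name' has no enabled user accounts."
    } else {
        Write-Host "$name : $($enabled.Count) enabled user(s)"
    }
}

if ($problems.Count -gt 0) {
    $problems | ForEach-Object { Write-Warning $_ }
    Write-Warning 'Stay in Mixed Mode until these are resolved.'
} else {
    Write-Host 'Domain-side prerequisite checks passed.'
}
```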
Configuration Steps
- Enable Mode: Navigate to System Settings → Authentication Mode and select Mixed Mode (recommended) or Active Directory.
- Enable SSO: Tick the Allow Active Directory SSO option to allow users to sign on using their currently logged-on Windows account without re-entering credentials.
- Link Operators:
  - Manual Method: Manually link individual Integriti Operator records to a specific Domain account via the Active Directory User field.
  - Automatic Method: Link Active Directory Groups to Integriti Operator Types. Active Directory users belonging to these groups will have Integriti operator records created automatically upon their first login, inheriting the permissions defined in the mapped Operator Type.
Troubleshooting
Common login error messages and their causes:
- “Authentication scheme not licensed”: The required Active Directory Operators license is missing or expired.
- “The server is not operational”: There is a network outage, or the Domain Controller is inaccessible.
- “Current security context is not associated with an Active Directory domain or forest”: The user does not exist in the domain, or does not belong to a group that has been assigned an Integriti Operator Type.