Adding Active Directory

You can use Microsoft Active Directory (AD) to handle authentication on IBM BigFix. That allows you and other users to log in to the console using your Active Directory credentials, taking advantage of your existing authentication policies. The same advantage applies also to Web Reports.
Note: To integrate the Linux BigFix server with Active Directory you must configure the Kerberos protocol, downloaded as a prerequisite with the Linux BigFix server installation. For additional information, see the Integrating Linux Server with Active Directory.

Starting from BigFix Platform Version 9.2 Patch 19, integration with Active Directory that is configured with LDAP channel binding and LDAP signing is supported.

To add an existing Active Directory to the console, follow these steps:

  1. From the Tool menu, select Add LDAP Directory. The Add LDAP Directory dialog appears.
    This window displays the Add LDAP Directory dialog where Microsoft Active Directory is selected from the type pull-down.
  2. Provide a name for the Active Directory and from the Type pull-down, make sure Microsoft Active Directory is selected.
  3. Under Server, enter the host name, IP Address or fully qualified domain name of the server.
  4. To access an entire Active Directory forest, click This is a global catalog server.
  5. Click the button to connect as the root server service user or to use credentials. If you choose to connect using credentials, enter your Active Directory Username and Password.
  6. Click Test to make sure you have entered your information correctly and a connection can be made to your Active Directory server.
  7. Click Add to complete the Active Directory setup.
Note: When you add an LDAP Server as Microsoft Active Directory, ensure that on the LDAP server you have defined the UserPrincipalName attribute corresponding to the User logon name of each user. This attribute value is used on the BigFix Console for each user authentication.
Only when Active Directory is running over SSL, you must perform the following steps:
  1. Select Generic LDAP Server as server type and leave “Use SSL” selected.


    This window displays the Add LDAP Directory dialog where Generic LDAP Server is selected from the type pull-down.
  2. If the server is a global catalog server, specify as port number 3269.
  3. Click the Show advanced settings link. The user filter and group filter options are displayed:
    This window displays the Add LDAP Directory dialog with advanced settings.
  4. Enter UserPrincipalName in Login attribute.
    Note: The UserPrincipalName attribute cannot be one of the following formats: domain/user, domain.com/user, or user.
  5. Enter (objectClass=user) in User filter
  6. Enter (objectClass=group) in Group filter.
  7. Click Use the following credentials to connect to the directory server and enter your Active Directory Username and Password.
  8. Click Test to ensure you have entered your information correctly and a connection can be made to your Active Directory server.
  9. Click Add to complete the Active Directory setup.

Your Active Directory Server is now configured and available for use in the console.