Synchronizing AD groups and DNN Global Security Roles

Audience: L1/L2 Agents and Administrators

Question

How can someone synchronize Active Directory (AD) groups to the Global Security Roles within DNN?

Solution

Below is a simple illustration showing how DNN Platform can integrate with Active Directory. In this solution, we are relying on LDAP (Lightweight Directory Access Protocol) to consume information from Active Directory.

Model

  • The Active Directory server provides an LDAP protocol that exposes the AD user data store.
  • DNN Platform is hosted on the IIS server that is a member of the Active Directory domain.
  • Corporate users (employees) are automatically signed in to the DNN Platform.
  • Clients using Internet connection can still view DNN website as a Guest or a Registered User (if they manually sign in to the DNN).

To achieve this integration, there is a built-in solution under Available Extensions for AD integration which allows you to synchronize roles in DNN with groups in AD. 

  

To configure your Active Directory and DNN to synchronize each other, please check the "Synchronize Role?" on Site Settings for the DNNPro_ActiveDirectoryAuthenticaiton extension.

The role synchronization needs to match roles with the same names. Therefore, if you have a role in AD called Marketing, it should also be created in DNN with the same name. Then once the user logs in they will be added to the DNN Role as well.

Important: For anyone using a version below 9.2, the default Administrator role is not synchronized. Thus AD Administrators will not become DNN Administrators.

For more information on how to create DNN roles, please check the following KBs:

For more information on how to configure the “AD-Pro Authentication” plugin, please check the following documentation: 

 

Article by: Hamid Waqas

Product: DNN Active Directory Authentication

Comments

1 comment

Please sign in to leave a comment.