User administration via Active Directory
If TightGate-Pro is connected to an Active Directory (AD) directory service, users can be automatically authenticated via single sign-on as soon as they have logged on to their workstation in the same AD domain. Furthermore, essential characteristics of the user accounts can be maintained centrally in the AD, which significantly facilitates the administration of TightGate-Pro, especially in larger infrastructures.
In order for TightGate-Pro to work with an Active Directory, the following configurations must be made:
Requirements and example values
To connect TightGate-Pro to an Active Directory, certain requirements must be met.
The necessary steps differ depending on whether a single system or a computer network (cluster system) of TightGate-Pro is to be connected to an Active Directory. Care must be taken to make the correct settings for the respective application.
TightGate-Pro The software must always be up-to-date, otherwise errors may occur during the connection to an Active Directory. Furthermore, an operational Microsoft Windows Server from version 2008R2 is required, which should also be on the latest software version.
The following list summarises the information required prior to setting up the Active Directory for use with TightGate-Pro. The example values used are for illustration purposes only; they must be replaced by the correct values in the respective application context.
Attention: There are important differences between setting up a single system and a cluster system from TightGate-Pro.
a) Parameter overview for connecting a single system TightGate-Pro
| Name | Description | Example value |
|---|---|---|
| ADS-REALM | Domain of the AD server. Attention: Writing in capital letters is mandatory. | SSO.M-PRIVACY.HOM |
| IPv4 AD server | IPv4 address of the server hosting the AD. | 192.168.4.208 |
| DNS name AD server | Resolvable name of the AD server. | win2008 |
| DNS | IPv4 address of the AD server that also functions as DNS. | 192.168.4.208 |
| Domain TG-Pro | Domain in which TightGate-Pro server is located. For single systems, identical to ADS-REALM. Attention: Writing in lower case is obligatory! | sso.m-privacy.hom |
| IPv4 NTP | IPv4 address of an NTP time server | 192.168.4.254 |
| IPv4 TG-Pro | IPv4 address of the TightGate-Pro, to which users log on. | 192.168.4.202 |
| DNS name TG-Pro | Name of TightGate-Pro, to which TightGate viewers log on. The name can be freely chosen, but must be resolvable from the client network to the IP address of TightGate-Pro. | TGPro |
b) Parameter overview for connecting a cluster system TightGate-Pro
| Name | Description | Example value |
|---|---|---|
| ADS-REALM | Domain of the AD server. Attention: Writing in capital letters is mandatory. | SSO.M-PRIVACY.HOM |
| IPv4 AD server | IPv4 address of the server hosting the AD. | 192.168.4.208 |
| DNS name AD server | Resolvable name of the AD server. | win2008 |
| DNS | IPv4 address of the AD server that also functions as DNS. | 192.168.4.208 |
| Domain TG-Pro | Domain in which TightGate-Pro is located. For single systems, identical to the ADS-REALM. Resolvable name of the TightGate-Pro cluster to which the TightGate clients log on. Attention: Writing in lower case is mandatory! | internet.intern.netz |
| IPv4 NTP | IPv4 address of an NTP time server | 192.168.4.254 |
| IPv4 TG-Pro | IPv4 addresses of the TightGate-Pro where users log on. In the example, it is a cluster of 4 computers (nodes) | 192.168.111.1 to 192.168.111.4. |
| Load balancer on TG-Pro | The nodes of the TightGate-Pro cluster responsible for load distribution | 192.168.111.1 and 192.168.111.2 |
| Computer name of TG-Pro in the AD | Computer account on the ADS. | srv-TGPro |