User administration via Active Directory

If TightGate-Pro is connected to an Active Directory (AD) directory service, users can be automatically authenticated via single sign-on as soon as they have logged on to their workstation in the same AD domain. Furthermore, essential characteristics of the user accounts can be maintained centrally in the AD, which significantly facilitates the administration of TightGate-Pro, especially in larger infrastructures.

In order for TightGate-Pro to work with an Active Directory, certain requirements must be met and a number of configurations must be made.

The necessary steps differ depending on whether a single system or a computer network (cluster system) of TightGate-Pro is to be connected to an Active Directory. Care must be taken to make the correct settings for the respective application.

The TightGate-Pro software must always be up to date; otherwise errors may occur when connecting to an Active Directory. Furthermore, an operational Microsoft Windows Server, version 2008R2 or later, is required, which should also be on the latest software version.

The following list summarises the information required prior to setting up the Active Directory for use with TightGate-Pro. The example values used are for illustration purposes only; they must be replaced by the correct values in the respective application context.

Attention: There are important differences between setting up a single system and a cluster system of TightGate-Pro.

a) Parameter overview for connecting a TightGate-Pro single system

| Name | Description | Example value |
|---|---|---|
| ADS-REALM | Domain of the AD server. Attention: Writing in capital letters is mandatory. | SSO.M-PRIVACY.HOM |
| IPv4 AD server | IPv4 address of the server hosting the AD. | 192.168.4.208 |
| DNS name AD server | Resolvable name of the AD server. | win2008 |
| DNS | IPv4 address of the AD server that also functions as DNS. | 192.168.4.208 |
| Domain TG-Pro | Domain in which TightGate-Pro server is located. For single systems, identical to ADS-REALM. Attention: Writing in lower case is obligatory! | sso.m-privacy.hom |
| IPv4 NTP | IPv4 address of an NTP time server | 192.168.4.254 |
| IPv4 TG-Pro | IPv4 address of the TightGate-Pro, to which users log on. | 192.168.4.202 |
| DNS name TG-Pro | Name of TightGate-Pro, to which TightGate viewers log on. The name can be freely chosen, but must be resolvable from the client network to the IP address of TightGate-Pro. | TGPro |

b) Parameter overview for connecting a TightGate-Pro cluster system

| Name | Description | Example value |
|---|---|---|
| ADS-REALM | Domain of the AD server. Attention: Writing in capital letters is mandatory. | SSO.M-PRIVACY.HOM |
| IPv4 AD server | IPv4 address of the server hosting the AD. | 192.168.4.208 |
| DNS name AD server | Resolvable name of the AD server. | win2008 |
| DNS | IPv4 address of the AD server that also functions as DNS. | 192.168.4.208 |
| Domain TG-Pro | Domain in which TightGate-Pro is located. For single systems, identical to the ADS-REALM. Resolvable name of the TightGate-Pro cluster to which the TightGate clients log on. Attention: Writing in lower case is mandatory! | internet.intern.netz |
| IPv4 NTP | IPv4 address of an NTP time server | 192.168.4.254 |
| IPv4 TG-Pro | IPv4 addresses of the TightGate-Pro where users log on. In the example, it is a cluster of 4 computers (nodes) | 192.168.111.1 to 192.168.111.4 |
| Load balancer on TG-Pro | The nodes of the TightGate-Pro cluster responsible for load distribution | 192.168.111.1 and 192.168.111.2 |
| Computer name of TG-Pro in the AD | Computer account on the ADS. | srv-TGPro |
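
The constraints stated in the two parameter overviews above (realm in capital letters, TG-Pro domain in lower case, single-system domain identical to the realm, load balancers being cluster nodes) can be checked before the connection is set up. The following Python check is an added example, not part of TightGate-Pro or its documentation; the function name and dictionary keys are hypothetical, and the sample values are the example values from the tables.

```python
import ipaddress

# Example values copied from the two parameter overviews; key names are hypothetical.
SINGLE = {"ads_realm": "SSO.M-PRIVACY.HOM", "tg_domain": "sso.m-privacy.hom",
          "ad_server_ip": "192.168.4.208", "dns_ip": "192.168.4.208",
          "ntp_ip": "192.168.4.254", "tg_ips": ["192.168.4.202"]}
CLUSTER = dict(SINGLE, tg_domain="internet.intern.netz",
               tg_ips=["192.168.111.%d" % n for n in range(1, 5)],
               load_balancers=["192.168.111.1", "192.168.111.2"],
               computer_name="srv-TGPro")

def check_ad_parameters(p, cluster=False):
    """Return a list of problems in a parameter sheet; an empty list means OK."""
    problems = []
    realm, domain = p["ads_realm"], p["tg_domain"]
    if realm != realm.upper():        # ADS-REALM: capital letters are mandatory
        problems.append("ADS-REALM must be upper case: %r" % realm)
    if domain != domain.lower():      # Domain TG-Pro: lower case is mandatory
        problems.append("Domain TG-Pro must be lower case: %r" % domain)
    if not cluster and domain.lower() != realm.lower():
        problems.append("single system: Domain TG-Pro must equal ADS-REALM")
    # Collect every address field and make sure each value is valid IPv4.
    fields = {k: [p[k]] for k in ("ad_server_ip", "dns_ip", "ntp_ip")}
    fields["tg_ips"] = list(p["tg_ips"])
    fields["load_balancers"] = list(p.get("load_balancers", []))
    for key, values in fields.items():
        for value in values:
            try:
                ipaddress.IPv4Address(value)
            except ValueError:
                problems.append("%s: not an IPv4 address: %r" % (key, value))
    if cluster:
        # The load balancers are nodes of the cluster, so they must be node IPs.
        for lb in sorted(set(fields["load_balancers"]) - set(fields["tg_ips"])):
            problems.append("load balancer %s is not a cluster node" % lb)
        if not p.get("computer_name"):
            problems.append("cluster: computer name of TG-Pro in the AD missing")
    elif len(fields["tg_ips"]) != 1:
        problems.append("single system: exactly one TG-Pro address expected")
    return problems

if __name__ == "__main__":
    for name, sheet, is_cluster in (("single", SINGLE, False), ("cluster", CLUSTER, True)):
        print(name, check_ad_parameters(sheet, is_cluster) or "OK")
```

The check works offline on the parameter sheet only; whether the DNS names actually resolve from the client network still has to be verified in the target environment.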