Active Directory and LDAP

2016-12-02 5 minutes to read

Integrating your Active Directory with SecSign

Most users are stored in common user management systems like Active Directory, and a new service like 2FA should integrate seamlessly with them. SecSign is a solution built for AD, LDAP and other user management systems, for a simple and secure rollout, convenient user management and unlimited options for extending the services.

The following summary gives an overview of how the 2FA can be integrated with your Active Directory for your setup.

Protect Logins

Protect your Logins with SecSign ID 2FA

The following graphic shows how your setup can be protected with the SecSign ID 2FA as compared to your setup right now.

Without the SecSign ID setup your data are presented to attackers without any means of serious protection. You might as well draft that press release about a security breach now.

You can secure your AD authentication with SecSign based on your requirements, individual setup and preferences. Protect each service with the respective SecSign ID 2FA plugin to ensure secure authentication via your Active Directory. Or use our SAML interface to manage all logins with a convenient SSO setup and centralized user management.

With the SecSign ID plugin, SAML, ADFS or a custom setup, your environment is secured against attacks and breaches of all kinds, from outside attacks to reused passwords and more. You can secure one service, or several services at a time. Connect your AD for maximum convenience and security, easy rollout and comprehensive user management. Set up security requirements based on your preferences, including additional password authentication (two-step authentication) or basic 2FA without any complex passwords.

Login Procedure

System Overview and Login Procedure

The following diagram gives an overview of how the AD is integrated with the SecSign ID setup, in this case with a web service to be protected with 2FA.

[Interactive configurator: choose the system to protect (where you want to add the secure login), the SecSign ID Server location (your own ID Server inside your protected network, or one managed and maintained by SecSign), and the user account location (the system that stores the SecSign IDs assigned to a user account, or the IDM altogether).]

Your Active Directory is used to manage your users and forward the authentication request to the service the user wants to access (for example RDP, Atlassian, SAML SSO setups). To protect your users with two-factor authentication for their logins, please choose the respective plugins for the services you need to secure (for example RDP, Atlassian, SAML setups).

Key Facts

Key Facts for using your Active Directory

You can connect your SecSign ID on-premise Server with your Active Directory to simplify the user ID rollout and management.

  • Conveniently connect your AD with the on-premise server, for example via LDAP connectors
  • You can use the Active Directory to conveniently enroll your users and activate the 2FA
  • 2FA requirements and rules can be managed for entire Active Directory groups, and mandatory 2FA can be activated or deactivated for specific groups
  • You can protect your AD access via SAML and use SAML to link external Cloud Services, for example Atlassian Cloud services
  • You can integrate your Active Directory with or without Schema Extension
  • You can choose between keeping your Active Directory with the SecSign ID server providing only the 2FA ID, or using the SecSign ID server as a complete IdM solution.

Integration

Technical Tutorial for the Active Directory integration

The comprehensive technical tutorial for the Active Directory integration and setup is available here.

AD Technical Tutorial

When you integrate your Active Directory with SecSign 2FA you can conveniently enroll your users for secure authentication. To build your 2FA setup you then only need to connect your services with the SecSign 2FA plugins. Contact us if you need help figuring out which plugins you need, or if you have any other questions.

Which plugins do you need?

Plugin Overview

Comprehensive IdM Solution

Manage your users, authentication setup, endpoint monitoring and security setup all in one solution. With SecSign ID you only need one setup.

Secure and manage your users and your data with one convenient and intuitive solution.

More Information about the SecSign IdM

Enrolling your Active Directory users for 2FA

When connecting your Active Directory you have numerous options for enrolling your users for 2FA, depending on your requirements and preferences. More information about rollout procedures is available here.

2FA Rollout

Your own ID-Server

On-premise installations of SecSign ID offer the flexibility to connect with your preferred servers, services, and devices. You can also customize the SecSign ID with your own organization’s branding.
