In Configure Active Directory authentication, in Prerequisites they mentioned
Before configuring Active Directory authentication, make sure you meet the following requirements.
The front-end server needs to be part of the Active Directory domain.
You need to have a domain (to be set as Default Domain) that ensures all traversed paths between domains are bidirectional in terms of trust.
can any one explain me , how i can do this one?
Hi Manuja,
Regarding the first point; the OutSystems FE servers need to be part of the domain the users will be authenticating against. e.g. if a user's username is DomA\User1 then the OutSystems FE servers need to be part of the domain DomA
For the second point; when config AD Authentication, the value you set in Default Domain (e.g. DomA) should ensure all traversed paths between domains are bidirectional in terms of trust.
Bidirectional trust (from Microsoft) is "In a two-way trust, Domain A trusts Domain B and Domain B trusts Domain A. This configuration means that authentication requests can be passed between the two domains in both directions"
If the second part is not in place, below are the consequences as per OutSystems public doc:
"The Active Directory APIs used by the Platform require all traversed paths between domains during the search process to be bidirectional in terms of trust between said domains. If this is not possible, all the synchronization and access to users' details from the external system are unavailable. Some of the issues of using a default domain with restricted access are:
Users deactivated in the external system will still be active on the Platform.
Metadata changed in the external system will not be synced to the Platform."
Hope this helps