Using Active Directory as the Authentication Source for Digital Hive

Question

Can Digital Hive leverage Active Directory as the authentication source so that existing AD users and groups can be used?

Answer

Digital Hive can be configured to use Active Directory authentication as long as the Digital Hive server is joined to the Active Directory domain.
It is highly recommended that Active Directory integration is configured BEFORE any user has logged into the Digital Hive application. If a user logged into Digital Hive before Active Directory was configured, please contact the Customer Success team at support@digitalhive.com.

Note: After completing these steps, the first user to log into Digital Hive will be the Super User, so please make sure that the first user to access Digital Hive is the intended Super User.
  1. From within the Services panel, stop the DigitalHive-node1 service
  2. Using the Windows File Explorer, navigate to <install directory>\DigitalHive\app\node1\tomcat\bin
  3. Right click on the tomcat9w.exe file
  4. Select Create shortcut
  5. Drag the newly created tomcat9w.exe - Shortcut to the desktop
  6. Right click on the tomcat9w.exe - Shortcut
  7. Select Properties
  8. On the Shortcut tab, append //ES//DigitalHive-node1 to the Target, making sure that there is a space between the existing value and the appended string
  9. Click OK
  10. Double click the Desktop tomcat9w.exe - Shortcut
  11. Click Yes
  12. Select the Java tab
  13. In the Java Options: section, add -Dspring.profiles.active=ad_auth to the list of strings
  14. Click OK
  15. From within the Services panel, start the DigitalHive-node1 service
Digital Hive is now configured to use Active Directory for authentication. 

Synchronizing User Attributes

Another benefit of using Active Directory as the authentication source for Digital Hive is being able to synchronize some of the user attributes, such as name, email address, phone number, etc. If this is not desired, skip to step 6. To complete the AD integration:
  1. On the Digital Hive file system, browse to the <DH_install_directory>\app\node1\tomcat\conf directory
  2. Open the theia.properties file in a text editor
  3. Locate or add the following lines in the properties file, making sure to replace the placeholder values with the correct values for your environment
    motio.theia.ad.username=admin_user
    motio.theia.ad.password=unencrypted:password
    motio.theia.ad.url=server.domain.com:389
    motio.theia.ad.domainName=AD_domain (that appears before the users' account name)
  4. Using the unencrypted: flag as part of the password causes Digital Hive to encrypt the password the next time it starts
  5. Save the changes to the file
  6. In Services, start the DigitalHive-node1 service
Info: If communication to the AD server needs to be done through secure LDAP calls, then the ad.url property would look something like ldaps://server.domain.com:636
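
The following check is an added example, not part of the original article or of Digital Hive's tooling. Run it after the service has restarted to confirm that the bind password no longer carries the unencrypted: prefix and that the directory URL uses the ldaps:// form. The function name Test-TheiaAdConfig, the simple key=value parsing, and the policy on broad built-in groups are assumptions made for illustration.

```powershell
# Added example (not vendor code). Assumes theia.properties holds plain key=value lines.
function Test-TheiaAdConfig {
    param([Parameter(Mandatory)][string]$PropsPath)

    # Read key=value pairs, skipping blank lines and # / ! comments.
    $props = @{}
    foreach ($line in Get-Content -LiteralPath $PropsPath) {
        $t = $line.Trim()
        if ($t -eq '' -or $t.StartsWith('#') -or $t.StartsWith('!')) { continue }
        $k, $v = $t -split '=', 2
        if ($null -ne $v) { $props[$k.Trim()] = $v.Trim() }
    }

    $findings = @()
    $pw  = $props['motio.theia.ad.password']
    $url = $props['motio.theia.ad.url']

    # The unencrypted: prefix should be gone once Digital Hive has restarted.
    if ($pw -and $pw.StartsWith('unencrypted:')) {
        $findings += 'motio.theia.ad.password still carries unencrypted: (clear-text password on disk)'
    }

    # The article's secure form is ldaps://server.domain.com:636.
    if ($url -and -not $url.ToLower().StartsWith('ldaps://')) {
        $findings += "motio.theia.ad.url '$url' is not an ldaps:// URL"
    }

    # Assumed policy: the broad built-in groups below should not be able to read this file.
    # These are the English names; adjust them on localized systems.
    $broad = 'Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users'
    foreach ($ace in (Get-Acl -LiteralPath $PropsPath).Access) {
        if ($ace.AccessControlType -eq 'Allow' -and $broad -contains $ace.IdentityReference.Value) {
            $findings += "$($ace.IdentityReference.Value) has $($ace.FileSystemRights) on the file"
        }
    }
    return $findings
}

# Placeholder path: substitute the real install directory.
# Test-TheiaAdConfig -PropsPath '<DH_install_directory>\app\node1\tomcat\conf\theia.properties'
```

An empty result means none of the three conditions was found; each returned string names one setting or permission to review.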

Mapping Active Directory Groups to Digital Hive Roles

Now that Digital Hive is authenticating against Active Directory, you will likely want to map your AD Groups to Digital Hive. In Digital Hive you can create and update roles and can assign them to objects. Digital Hive comes with a set of capabilities that are the building blocks of roles. The default Digital Hive roles are: 
  1. Admin
  2. Author
  3. Consumer
  4. Owner
Roles are a collection of capabilities. Roles are used to control access to the various Hives and pages that are created. Capabilities are used to restrict access to different aspects of Digital Hive functionality. 
Here are the steps to map AD groups to Digital Hive roles. This document assumes you have already created groups in AD for admins, consumers and authors and added the users to the appropriate groups.

  1. From within Digital Hive, click on your avatar in the upper right hand corner and select Manage Digital Hive 
  2. Click on Security and select the Roles module 
  3. Click anywhere on the Admin row in the right hand pane and the Admin Role Details will open 
  4. Click the Edit icon above the AD Users/Groups to get this role entry
  5. Enter the AD Group information, which is in the DOMAIN\GROUPNAME syntax
  6. Click the icon to commit the changes
  7. Click anywhere outside the Role Details panel, or the X in the top right corner to close the Role Details panel
  8. Repeat steps 4 through 7 for other roles
  9. From within the Services panel, start the DigitalHive-node1 service
This concludes the mapping of Active Directory groups to the Digital Hive roles. Any users in the Active Directory group for admins will now have the admin role assigned to them in Digital Hive. Users in other mapped groups will also be granted dynamic access to those various roles.
