Using Active Directory as the Authentication Source for Digital Hive
Question
Can Digital Hive leverage Active Directory as the authentication source so that existing AD users and groups can be used?
Answer
Digital Hive can be configured to use Active Directory authentication as long as the Digital Hive server is domain joined and part of the Active Directory.
It is highly recommended that Active Directory integration is configured BEFORE a user has logged into the Digital Hive application. If a user has previously logged into Digital Hive before Active Directory was configured, please contact the Customer Success team at support@digitalhive.com.
Note: After completing these steps, the first user to log into Digital Hive will be the Super User so please make sure that the first user to access Digital Hive is the intended Super User.
- From within the Services panel, stop the DigitalHive-node1 service
- Using the Windows File Explorer, navigate to <install directory>\DigitalHive\app\node1\tomcat\bin
- Right click on the tomcat9w.exe file
- Select Create shortcut
- Drag the newly created tomcat9w.exe - Shortcut to the desktop
- Right click on the tomcat9w.exe - Shortcut
- Select Properties
- On the Shortcut tab, append //ES//DigitalHive-node1 to the Target making sure that there is a space between the value and the appended string
- Click OK
- Double click the Desktop tomcat9w.exe - Shortcut
- Click Yes
- Select the Java tab
- In the Java Options: section add -Dspring.profiles.active=ad_auth to the list of strings
- Click OK
- From within the Services panel, start the DigitalHive-node1 service
Digital Hive is now configured to use Active Directory for authentication.
Mapping Active Directory Groups to Digital Hive Roles
Now that Digital Hive is authenticating against Active Directory, you will likely want to map your AD Groups to Digital Hive. In Digital Hive you can create and update roles and can assign them to objects. Digital Hive comes with a set of capabilities that are the building blocks of roles. The default Digital Hive roles are:
- Admin
- Author
- Consumer
- Owner
Roles are a collection of capabilities. Roles are used to control access to the various Hives and pages that are created. Capabilities are used to restrict access to different aspects of Digital Hive functionality.
Here are the steps to map AD groups to Digital Hive roles. This document assumes you have already created groups in AD for admins, consumers and authors and added the users to the appropriate groups.
Here are the steps to map AD groups to Digital Hive roles. This document assumes you have already created groups in AD for admins, consumers and authors and added the users to the appropriate groups.
- From within Digital Hive, click on your avatar in the upper right hand corner and select Manage Digital Hive
- Click on Security and select the Roles module
- Click anywhere on the Admin row in the right hand pane and the Admin Role Details will open
- Click the Edit icon
above the AD Users/Groups to get this role entry
- Enter the AD Group information which is in the DOMAIN\GROUPNAME syntax
- Click the
icon to commit the changes
- Click anywhere outside the Role Details panel, or the X in the top right corner to close the Role Details panel
- Repeat steps 4 through 7 for other roles
- From within the Services panel, start the DigitalHive-node1 service
This concludes the mapping of Active Directory groups to the Digital Hive roles. Any users in the Active Directory group for admins will now have the admin role assigned to them in Digital Hive. Users in other mapped groups will also be granted dynamic access to those various roles.
Related Articles
Using OAuth as the Authentication Source for Digital Hive
Question Can Digital Hive leverage OAuth as the authentication source so that existing users and groups can be used? Answer OAuth sources like Azure and Google can both be leveraged for Digital Hive authentication. When using external third-party ...Using SAML as the Authentication Source for Digital Hive
Question Can Digital Hive leverage SAML as the authentication source so that existing an SAML provider can be used? Answer Digital Hive, both Windows and Linux, can be configured to use SAML authentication. It is highly recommended that SAML ...Removing Digital Hive Users that have been Disabled or Removed from the Active Directory
Question How do I remove Digital Hive users that have either been disabled or removed from Active Directory? Answer We added a mechanism that will remove Digital Hive accounts that are no longer active within the Active Directory. Here are the steps ...Digital Hive Architecture Overview
Overview Digital Hive is a lightweight, web-based application that is both easy to install as well as to maintain and manage. Other than the Microsoft C++ redistributable (https://www.microsoft.com/en-ca/download/details.aspx?id=40784), there are no ...Digital Hive Auditing Explained
Question The Digital Hive Control Center doesn't seem to provide any reports or views around usage of the platform. Is there a way to create reports to show metrics like the amount of reports executed by platform, the number of searches being made, ...