Question
Can Digital Hive leverage Active Directory as the authentication source?
Answer
Digital Hive can be configured to use Active Directory authentication in Windows environments and when the Digital Hive server and Active Directory server are domain joined.
It is highly recommended that Active Directory integration is configured BEFORE a user has logged into the Digital Hive application. If a user has previously logged into Digital Hive before Active Directory was configured, please contact the Customer Success team at support@digitalhive.com.
Note: After completing these steps, the first user to log into Digital Hive will be the Super User, so please make sure that the first user to access Digital Hive is the intended Super User.
- In Services, stop DigitalHive - node1 service
- In File Explorer, navigate to DigitalHive\app\node1\tomcat\bin
- Right Click tomcat9w
- Select Create shortcut
- Drag tomcat9w - Shortcut to your Desktop
- Right Click tomcat9w - Shortcut
- Select Properties
- In Target, append this: //ES//DigitalHive-node1
- Click OK
- Double Click tomcat9w - Shortcut
- Click Yes
- Click the Java tab
- In Java Options, append -Dspring.profiles.active=ad_auth
- Click OK
Synchronizing User Attributes
Another benefit of leveraging Active Directory as the authentication source for Digital Hive is being able to synchronize some of the user attributes, such as name, email address, phone number, etc. If this is not desired, skip to step 6. To complete the AD integration:
- On the Digital Hive file system, browse to the <DH_install_directory>\app\node1\tomcat\conf directory
- Open the tomcat.properties file in a text editor
- Locate or add the following lines to the properties file, making sure to replace the italics text with the correct values for your environment
motio.theia.ad.username=admin_user
motio.theia.ad.password=unencrypted:password
motio.theia.ad.url=server.domain.com:389
motio.theia.ad.domainName=AD_domain (that appears before the users' account name)
- Using the unencrypted: flag as part of the password will encrypt the password next time Digital Hive starts
- Save the changes to the file
- In Services, start the DigitalHive - node 1 service
If communication to the AD server needs to be done through secure LDAP calls, then the ad.url property would look something like ldaps://server.domain.com:636
Digital Hive is now set up to use AD for authentication.
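A check an administrator could run after the restart, given here as an added example (not part of the original article and not Digital Hive tooling): it parses tomcat.properties and reports a password that still carries the unencrypted: prefix or an ad.url that is not in the ldaps:// form. The function name Test-DhAdProperties and the sample values are assumptions constructed for illustration.

```powershell
# Added example: audit the AD settings in tomcat.properties.
# Test-DhAdProperties is a hypothetical helper, not part of Digital Hive.
function Test-DhAdProperties {
    param([string[]]$Lines)

    # Simplified parser: key=value per line, '#' or '!' starts a comment.
    $props = @{}
    foreach ($line in $Lines) {
        $t = $line.Trim()
        if ($t -eq '' -or $t.StartsWith('#') -or $t.StartsWith('!')) { continue }
        $i = $t.IndexOf('=')
        if ($i -lt 1) { continue }
        $props[$t.Substring(0, $i).Trim()] = $t.Substring($i + 1).Trim()
    }

    # All four properties from the article must be present.
    foreach ($name in 'username', 'password', 'url', 'domainName') {
        if (-not $props.ContainsKey("motio.theia.ad.$name")) {
            "MISSING   motio.theia.ad.$name is not set"
        }
    }

    # The unencrypted: prefix is replaced when Digital Hive next starts, so
    # finding it means the bind password is still readable on disk.
    $pw = $props['motio.theia.ad.password']
    if ($pw -and $pw.StartsWith('unencrypted:')) {
        'CLEARTEXT motio.theia.ad.password still has the unencrypted: prefix; start the service and re-check'
    }

    # Of the two URL forms in the article, only ldaps:// is the secure LDAP one.
    $url = $props['motio.theia.ad.url']
    if ($url -and -not $url.StartsWith('ldaps://', [StringComparison]::OrdinalIgnoreCase)) {
        "NO-TLS    motio.theia.ad.url is '$url'; expected ldaps://host:636"
    }
}

# Constructed sample input, mirroring the placeholder values in this article.
$sample = @'
# AD integration
motio.theia.ad.username=admin_user
motio.theia.ad.password=unencrypted:password
motio.theia.ad.url=server.domain.com:389
motio.theia.ad.domainName=EXAMPLE
'@ -split "`r?`n"

Test-DhAdProperties -Lines $sample

# Against the real file:
# Test-DhAdProperties -Lines (Get-Content '<DH_install_directory>\app\node1\tomcat\conf\tomcat.properties')
```

The function never prints the password value itself, so its output can be pasted into a ticket or change record.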
Mapping AD Groups to Digital Hive Roles
Now that Digital Hive is authenticating against AD, you will likely want to map your AD Groups to Digital Hive. In Digital Hive you can create and update roles and can assign them to objects. Digital Hive comes with a set of capabilities that are the building blocks of roles. The default Digital Hive roles are:
● Consumer
● Author
● Admin
● Owner
Roles are a collection of capabilities. Roles are used to control access to Game Boards. Capabilities are used to restrict access to Digital Hive functionality.
Here are the steps to map AD groups to Digital Hive roles. This document assumes you have already created groups in AD for admins, consumers and authors and added the users to the appropriate groups.
- Launch Digital Hive
- Click your avatar and select Manage Digital Hive
- Click Security
- Click Roles
- Now you will map the AD Admin group to the Digital Hive Admin role. Click anywhere in the Admin row and you will be presented with the Role Details
- Click Edit above the AD Users/Groups to get this role in order to map an AD group to it.
- Enter your AD Group information. In this example, the AD group is called DigitalHive-Admins and the domain is DIGITALHIVE. Next, click the
- Click anywhere on the left pane or the X on the top right to get out of Role Details
- Repeat steps 5 through 8 for Author and for Consumer. In this case, we have AD groups called DigitalHive-Authors and DigitalHive-Consumers and mapped them to the Digital Hive Author and Consumer roles respectively.
- In Services, start DigitalHive - node 1 service
You have completed mapping your AD groups to Digital Hive roles. Any users in your Active Directory group for Admins will have the admin role in Digital Hive. Users in your AD Authors group will have the Author role and be able to create Hives. Users in your AD Consumers group will have the Consumer role and be able to view Hives they have access to.