Using Active Directory as the Authentication Source for Digital Hive

Question

Can Digital Hive leverage Active Directory as the authentication source?

Answer

Digital Hive can be configured to use Active Directory authentication in Windows environments, provided the Digital Hive server and the Active Directory server are both domain joined.

It is highly recommended that Active Directory integration is configured BEFORE a user has logged into the Digital Hive application. If a user has previously logged into Digital Hive before Active Directory was configured, please contact the Customer Success team at support@digitalhive.com.

Note: After completing these steps, the first user to log into Digital Hive will be the Super User, so make sure that the first user to access Digital Hive is the intended Super User.

Steps

  1. In Services, stop DigitalHive - node1 service
  2. In File Explorer, navigate to DigitalHive\app\node1\tomcat\bin
  3. Right Click tomcat9w
  4. Select Create shortcut
  5. Drag tomcat9w - Shortcut to your Desktop
  6. Right Click tomcat9w - Shortcut
  7. Select Properties
  8. In Target, append this:   //ES//DigitalHive-node1

  9. Click OK
  10. Double Click tomcat9w - Shortcut
  11. Click Yes
  12. Click the Java tab
  13. In Java Options, append -Dspring.profiles.active=ad_auth

  14. Click OK

Synchronizing User Attributes

Another benefit of using Active Directory as the authentication source for Digital Hive is the ability to synchronize some user attributes, such as name, email address, phone number, etc. If this is not desired, skip to step 6. To complete the AD integration:
  1. On the Digital Hive file system, browse to the <DH_install_directory>\app\node1\tomcat\conf directory
  2. Open the tomcat.properties file in a text editor
  3. Locate or add the following lines in the properties file, replacing the example values with the correct values for your environment
    motio.theia.ad.username=admin_user
    motio.theia.ad.password=unencrypted:password
    motio.theia.ad.url=server.domain.com:389
    motio.theia.ad.domainName=AD_domain(that appears before the users' account name)
  4. Using the unencrypted: flag as part of the password will encrypt the password next time Digital Hive starts
  5. Save the changes to the file
  6. In Services, start the DigitalHive - node 1 service
If communication to the AD server needs to be done through secure LDAP calls, then the ad.url property would look something like ldaps://server.domain.com:636

Digital Hive is now set up to use AD for authentication.
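The PowerShell below is an added example, not Digital Hive's own tooling. It parses the AD lines of tomcat.properties and reports a password that still carries the unencrypted: flag or a URL that does not use ldaps://, and it lists who can read the file. The property names and path are the article's; the function names and sample values are constructed.

```powershell
# Added example (not Digital Hive tooling). Property names are from the
# article; function names and the sample values below are constructed.
function Test-DhAdConfig {
    param([string[]]$Lines)

    # Parse key=value pairs, skipping blank lines and comments.
    $props = @{}
    foreach ($line in $Lines) {
        $t = $line.Trim()
        if ($t -eq '' -or $t.StartsWith('#')) { continue }
        $i = $t.IndexOf('=')
        if ($i -lt 1) { continue }
        $props[$t.Substring(0, $i).Trim()] = $t.Substring($i + 1).Trim()
    }

    foreach ($name in 'username', 'password', 'url', 'domainName') {
        if (-not $props.ContainsKey("motio.theia.ad.$name")) {
            "motio.theia.ad.$name is missing"
        }
    }
    # The article says the flag is replaced the next time Digital Hive starts,
    # so a value still carrying it is a plaintext password sitting on disk.
    if ($props['motio.theia.ad.password'] -like 'unencrypted:*') {
        'password still has the unencrypted: flag; start the service and re-check'
    }
    $url = $props['motio.theia.ad.url']
    if ($url -and $url -notlike 'ldaps://*') {
        "url '$url' does not use ldaps://"
    }
}

# Lists who is allowed to read the file that holds the bind account.
function Get-DhConfigAccess {
    param([Parameter(Mandatory)][string]$Path)
    (Get-Acl -LiteralPath $Path).Access |
        Where-Object AccessControlType -eq 'Allow' |
        Select-Object IdentityReference, FileSystemRights
}

# Constructed sample: the article's template values before the first restart.
$sample = @'
motio.theia.ad.username=admin_user
motio.theia.ad.password=unencrypted:password
motio.theia.ad.url=server.domain.com:389
motio.theia.ad.domainName=EXAMPLE
'@ -split '\r?\n'

Test-DhAdConfig -Lines $sample | ForEach-Object { "FINDING: $_" }
# Real install: Test-DhAdConfig -Lines (Get-Content '<DH_install_directory>\app\node1\tomcat\conf\tomcat.properties')
```

On the constructed sample this reports two findings: the password flag and the non-ldaps URL.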

Mapping AD Groups to Digital Hive Roles

Now that Digital Hive is authenticating against AD, you will likely want to map your AD Groups to Digital Hive. In Digital Hive you can create and update roles and can assign them to objects. Digital Hive comes with a set of capabilities that are the building blocks of roles. The default Digital Hive roles are:

       Consumer
       Author
       Admin
       Owner

Roles are a collection of capabilities. Roles are used to control access to Game Boards. Capabilities are used to restrict access to Digital Hive functionality.

Here are the steps to map AD groups to Digital Hive roles. This document assumes you have already created groups in AD for admins, consumers and authors and added the users to the appropriate groups.

  1. Launch Digital Hive
  2. Click your avatar and select Manage Digital Hive

  3. Click Security
  4. Click Roles

  5. Now you will map the AD Admin group to the Digital Hive Admin role. Click anywhere in the Admin row and you will be presented with the Role Details


  6. Click Edit above the AD Users/Groups to get this role in order to map an AD group to it.
  7. Enter your AD Group information, in this example, the AD group is called DigitalHive-Admins and the domain is DIGITALHIVE, next click the 
  8. Click anywhere on the left pane or the X on the top right to get out of Role Details
  9. Repeat steps 5 through 8 for Author and for Consumer. In this case, we have AD groups called DigitalHive-Authors and DigitalHive-Consumers, mapped to the Digital Hive Author and Consumer roles respectively.
  10. In Services, start DigitalHive - node 1 service
You have completed mapping your AD groups to Digital Hive roles. Any users in your Active Directory group for Admins will have the Admin role in Digital Hive. Users in your AD Authors group will have the Author role and be able to create Hives. Users in your AD Consumers group will have the Consumer role and be able to view Hives they have access to.
