Active Directory
Authentication is done either by using the built-in user management in lemoon or by using Windows authentication against Active Directory (read more about this on Microsoft's website). With Windows authentication, lemoon uses users and groups from Active Directory for managing permissions and policies.
Activation
Follow the steps below to enable Windows authentication.
- Create a service account in Active Directory that will be used to authenticate requests against Active Directory. The password should be set to never expire.
- Go to Manage and select Daemons, click ActiveDirectoryDaemon.
- Go to the Settings tab and enter the information requested, i.e., the name of the domain or LDAP server, and the username and password of the service account. Example:
Domain: MINDROUTE
Username: ServiceAccount
Password: mypassword
- Check Auto import if you want users to be automatically imported the first time they visit lemoon.
- Save.
- Open web.config in the application root directory and modify the line <authentication mode="Forms" /> to <authentication mode="Windows" />.
- Disable Anonymous Access in IIS. Only Integrated Windows authentication should be enabled (or Clear text authentication).
- Navigate to www.minsajt.se/admin to start the activation wizard.
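The following check of the web.config and IIS settings from the steps above is an added example, not part of the lemoon documentation. It assumes IIS 7 or later with the WebAdministration module; the site name and application root are placeholders.

```powershell
# Added example: verify the authentication state described in the activation steps.
# Assumptions: IIS 7+ with the WebAdministration module, run from an elevated prompt.
Import-Module WebAdministration

$SiteName = 'Default Web Site'      # placeholder: IIS site hosting lemoon
$AppRoot  = 'C:\inetpub\wwwroot'    # placeholder: lemoon application root directory

# Returns $true or $false for one IIS authentication scheme on the site.
function Get-AuthEnabled([string]$Scheme) {
    $filter = "system.webServer/security/authentication/$Scheme"
    (Get-WebConfigurationProperty -PSPath 'IIS:\' -Location $SiteName `
        -Filter $filter -Name 'enabled').Value
}

$findings = @()

# web.config must use Windows mode, not Forms.
[xml]$cfg = Get-Content -Raw -Path (Join-Path $AppRoot 'web.config')
$mode = $cfg.configuration.'system.web'.authentication.mode
if ($mode -ne 'Windows') {
    $findings += "web.config authentication mode is '$mode', expected 'Windows'"
}

# Anonymous access must be off and Integrated Windows authentication on.
if (Get-AuthEnabled 'anonymousAuthentication') {
    $findings += 'Anonymous access is still enabled'
}
if (-not (Get-AuthEnabled 'windowsAuthentication')) {
    $findings += 'Integrated Windows authentication is disabled'
}

# Clear text (Basic) authentication only base64-encodes the password,
# so flag it when the site has no HTTPS binding to protect it in transit.
if (Get-AuthEnabled 'basicAuthentication') {
    if (-not (Get-WebBinding -Name $SiteName -Protocol 'https')) {
        $findings += 'Basic authentication is enabled without an HTTPS binding'
    }
}

if ($findings) {
    $findings | ForEach-Object { Write-Warning $_ }
} else {
    Write-Output 'Authentication settings match the documented configuration.'
}
```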
Automatic synchronization of imported users
Follow the steps below to schedule automatic synchronization of users and roles imported from Active Directory.
- Go to Manage, select Daemons and click ActiveDirectoryDaemon.
- Schedule the daemon to run at a specified interval, e.g. 24:00 to synchronize every 24 hours.
- Save.