lwalker  
#1 Posted : Friday, December 8, 2017 12:12:19 AM(UTC)

Looking to set up 2FA with AD integration enabled on an on-prem install.

I understand and see how to get it all running; however, I don't like that the string for 2FA needs to go in the description field in AD... Any way for me to use a different field or custom field, possibly??

THANKS!!!
Scott  
#2 Posted : Monday, December 11, 2017 12:36:27 PM(UTC)


If you're using the Windows Active Directory method for the user source, then it's hardcoded to pull that information from the user description field.

With that said, you can change to using LDAP for user source and define whichever field you want for it on the directory service side. More information can be found here.
ScreenConnect Team
lwalker  
#3 Posted : Monday, December 11, 2017 7:43:10 PM(UTC)

Thank you Scott.

I was able to get what I needed working using LDAPS vs. Active Directory integration.

However, now nested security groups don't function to provide access with LDAPS...

Sure would be nice if the Active Directory integration piece let me select what attribute to pull "UserPasswordQuestionAttribute"... I can't help but think that "description" can't be the best field. I would think this has all sorts of info in all different AD environments.



Stuck between a rock and a hard place...
Scott  
#4 Posted : Tuesday, December 12, 2017 2:31:34 PM(UTC)


Quote:
however, now nested security groups don't function to provide access with LDAPS...

From the perspective of the implementation, AD vs. LDAP are pretty much the exact same thing; we just assume a bunch of information for AD and allow more granular configuration for LDAP. I would compare the permissions from the ScreenConnect server system account and the service account you're using to make the LDAP request.

Quote:
I can't help but think that "description" can't be the best field

You're not wrong, but like I mentioned above, we assume a bunch of information for the AD method to keep it simple.
ScreenConnect Team