Summary:

  1. Create LDAP server profile

  2. Create authentication profile 

  3. User Mappings

    1. Agent

    2. Server monitoring

  4. Group Mapping

  5. Enable User ID on a zone (enable it on the source zone, but not on the outside / Internet-facing zone)

Details:

1. Create an LDAP server profile

Note: I have a Windows 2012 server with the AD role enabled. It has the IP address 10.1.1.111.

  • Create an LDAP server profile, filling in the blanks. Uncheck "Require SSL/TLS secured connection" because we are testing this in a controlled lab environment. You may enable it in your production environment, where it keeps the bind account's credentials and the directory queries from crossing the network in cleartext.

Note: do not forget to commit the change.

  • To test communication with the AD server, create a test Group Mapping that uses the LDAP server profile created above.

  • Now go to the Group Include List; if you can browse the directory tree there, the firewall is able to communicate with the AD server.


2. Create an Authentication profile

3. Configure User Mapping

3.1 Configure an agent

3.2 Configure server monitoring

4. Configure group mapping (attach the LDAP server profile and the user groups)

  • Here I am including Domain Admins and Domain Users.

5. Enable User ID on a zone

  • I am enabling User ID on the Inside zone since user Tiger resides in that zone.

  • Let's log into Tiger's machine (a.k.a. Joe).

Note: on the PC, point DNS at the AD server's IP address.

  • Monitor the traffic logs to confirm that User ID is being enforced: Tiger's flows from the Inside zone should now carry a source user, and flows from the Outside zone should carry none.
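As an added example, not part of the original write-up, the check below reads a constructed, simplified traffic log export and reports how many Inside-zone flows carry a mapped user and which Inside source IPs never did; the column names and sample rows are assumptions, not real firewall output.

```python
import csv
from collections import defaultdict
from io import StringIO

# Constructed sample rows (a simplified subset of the columns a traffic log
# export carries); not real firewall output. 10.1.1.111 is the AD server.
SAMPLE_LOG = """\
receive_time,src_zone,src_ip,src_user,dst_ip,app
2024/01/10 09:01:12,Inside,10.1.1.50,lab\\tiger,8.8.8.8,dns
2024/01/10 09:01:15,Inside,10.1.1.50,lab\\tiger,93.184.216.34,web-browsing
2024/01/10 09:02:03,Inside,10.1.1.77,,93.184.216.34,ssl
2024/01/10 09:02:40,Outside,203.0.113.9,,10.1.1.111,ldap
2024/01/10 09:03:11,Inside,10.1.1.111,,8.8.8.8,dns
"""


def parse_rows(text):
    """Parse the CSV export into a list of dicts, one per log entry."""
    return list(csv.DictReader(StringIO(text)))


def mapping_coverage(rows, zone):
    """Return (mapped, total) counts of flows sourced from `zone`."""
    total = mapped = 0
    for r in rows:
        if r["src_zone"] != zone:
            continue
        total += 1
        if r["src_user"]:
            mapped += 1
    return mapped, total


def unmapped_sources(rows, zone):
    """Source IPs in `zone` that never carried a user. These deserve a look:
    a host the agent / server monitoring never saw log on, or a server."""
    users_by_ip = defaultdict(set)
    for r in rows:
        if r["src_zone"] == zone:
            users_by_ip[r["src_ip"]].add(r["src_user"])
    return sorted(ip for ip, users in users_by_ip.items() if users == {""})


if __name__ == "__main__":
    rows = parse_rows(SAMPLE_LOG)
    mapped, total = mapping_coverage(rows, "Inside")
    print(f"Inside: {mapped}/{total} flows carry a mapped user")
    print("Inside IPs with no user mapping:", unmapped_sources(rows, "Inside"))
    # User ID is not enabled on Outside, so no user is expected there.
    print("Outside flows with a user:", mapping_coverage(rows, "Outside")[0])
```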