
 In this type of authentication mechanism, a user account is authenticated against an external Active Directory server.

Accounts with this type of authentication are also known as external accounts.


An AD user counts towards the FileCloud license only after:

  • The user account logs in to FileCloud
  • The user is explicitly imported from AD


| Required | Configuration Requirement | Notes |
|---|---|---|
| Active Directory service | must be accessible from FileCloud | IP and Port must be accessible |
| Active Directory | must support Simple Authentication Method | Anonymous or Name/Password Authentication Mechanism of Simple Bind |
| Active Directory users | must have an email attribute | Beginning in FileCloud 21.2, the AD Account name used in Active Directory settings must have an email ID in Active Directory. The email address is saved in the user's FileCloud profile. During login, validation requires the FileCloud email address and the AD email address to match; later modification of email address in AD or FileCloud will cause login to fail. |
| FileCloud Server | version must be 4.0 or later | |

How To Enable AD Authentication


To enable AD authentication in FileCloud:

  1. Log into the FileCloud Administration Portal

  2. Click on Settings in the left navigation panel

  3. Click on the Authentication tab

  4. Under Authentication Settings, change the Authentication Type to "ACTIVEDIRECTORY" using the dropdown box. This will enable the "Active Directory Settings" group.

  5. Enter the required information and then click Save.

To connect FileCloud with your AD environment, you need to know certain connection parameters.

To figure out these AD parameters, please refer to the following documentation



AD Host

REQUIRED FIELD: This is the IP address or host name of the AD server.

AD Port

REQUIRED FIELD: This is the port to be used to connect to AD server. The default is 389 and most AD servers work using port 389.

Use TLS

(OPTIONAL) Enable this checkbox if your AD server requires clients to use TLS to connect

Use SSL

(OPTIONAL) Enable this checkbox if your AD server requires clients to use SSL to connect. NOTE: Additional change required.

Users have the same UPN Account Suffixes

If you have users with the same UPN suffixes throughout your AD, then you can just enable this checkbox and set the AD Account Suffix. Otherwise disable the checkbox and set the AD Logon Name Prefix (a trailing ‘\’ is not required while using the logon name prefix).  

AD Account Suffix

NOTE: If you have users with different userPrincipal suffixes this should be left blank and AD Logon Name Prefix should be set instead. See Mixed AD Authentication support.

REQUIRED FIELD: The userPrincipal name suffix for your domain, the part after the username in the dropdown.

You can also see the Account Suffix by running the following query from the command line on the AD server:

dsquery * <FULLY QUALIFIED NAME> -scope base -attr sAMAccountName userPrincipalName

You can get the <FULLY QUALIFIED NAME> using the command below:

dsquery user -name <LOGON NAME>

AD Base DN


The base DN for your domain. Your base DN can be located in the extended attributes in Active Directory Users and Computers MMC.

You can also see the Base DN by running the following query from the command line on the AD server:

dsquery user -name <LOGON NAME>



Mail Attribute

REQUIRED FIELD: FileCloud requires each user account to have an associated email ID. Typically the name of this attribute in AD is "mail". If a user account has no mail attribute associated, then login to FileCloud will be disallowed. If the "mail" attribute is present but the login fails, then check the Base DN to ensure it is accurate and is without quotes.

Limit Login to AD


(OPTIONAL) If you want to limit the login to a specific AD group, specify the group members here. (Typically this is left blank.)

NOTE: If this field is set, then ensure that the account name specified in "AD Account Name" field is part of this AD Group

AD Account Name

REQUIRED FIELD: A valid account name is required here in order for FileCloud to perform queries into AD server. This can be any account that can access the AD server. NOTE: Use username and not email id in this field. This account must have an email address set in AD.

AD Account password

REQUIRED FIELD: A password for the AD account name entered.

Use Admin Account for Binding

(OPTIONAL) Enable this checkbox if your AD does not allow Anonymous Binding. Enabling this checkbox will enable the "AD Service Account Name" and "AD Service Account Password" text boxes

AD Service Account Name

Provide the service account name to be used to bind with the AD server

AD Service Account Password

Service account password to be used to bind with the AD server

To connect to Active Directory over SSL, please follow the steps mentioned here.
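The requirements above (a mail attribute on every account, matching FileCloud and AD email addresses, one UPN suffix when the suffix checkbox is enabled, a query account inside the limit group, and a bind protected by TLS or SSL) can be checked before users run into login failures. The following Python audit is an added example, not FileCloud code: the setting keys, account names, group name and the corp.example domain are constructed for illustration, and the user records stand in for an export of sAMAccountName, userPrincipalName, mail and group membership from AD.

```python
def upn_suffix(upn):
    """Return the '@domain' part of a userPrincipalName, or None if absent."""
    _, at, domain = (upn or "").rpartition("@")
    return "@" + domain.lower() if at and domain else None

def audit(settings, ad_users, filecloud_emails):
    """Return (findings, suffixes); each finding is a (subject, issue) tuple."""
    findings, suffixes = [], set()
    # A Simple Bind carries the password itself; without TLS/SSL it is cleartext.
    if not (settings.get("use_tls") or settings.get("use_ssl")):
        findings.append(("settings", "bind password sent in cleartext"))
    by_name = {u["sAMAccountName"].lower(): u for u in ad_users}
    for name, user in by_name.items():
        mail = (user.get("mail") or "").strip().lower()
        stored = filecloud_emails.get(name)
        if not mail:
            findings.append((name, "no mail attribute"))
        elif stored is not None and stored.strip().lower() != mail:
            # Ignoring case is an assumption about how FileCloud compares.
            findings.append((name, "AD mail differs from FileCloud profile"))
        suffixes.add(upn_suffix(user.get("userPrincipalName")))
    # The query account must exist and, when logins are limited to a group,
    # belong to that group.
    account = settings["account_name"]
    svc, group = by_name.get(account.lower()), settings.get("limit_group")
    if svc is None:
        findings.append((account, "query account not found"))
    elif group and group not in svc.get("groups", []):
        findings.append((account, "query account not in limit group"))
    if settings.get("same_upn_suffix") and len(suffixes) > 1:
        findings.append(("settings", "mixed UPN suffixes: use the logon name prefix"))
    return findings, suffixes

# Constructed sample data: keys, names, groups and domains are illustrative.
SETTINGS = {"use_tls": False, "use_ssl": False, "same_upn_suffix": True,
            "account_name": "fcquery", "limit_group": "FileCloudUsers"}
FIELDS = ("sAMAccountName", "userPrincipalName", "mail", "groups")
AD_USERS = [dict(zip(FIELDS, row)) for row in [
    ("fcquery", "fcquery@corp.example", "fcquery@corp.example", []),
    ("alice", "alice@corp.example", "alice@corp.example", ["FileCloudUsers"]),
    ("bob", "bob@eu.corp.example", "", ["FileCloudUsers"]),
    ("carol", "carol@corp.example", "carol.new@corp.example", ["FileCloudUsers"]),
]]
FILECLOUD_EMAILS = {"alice": "alice@corp.example", "carol": "carol@corp.example"}

if __name__ == "__main__":
    for subject, issue in audit(SETTINGS, AD_USERS, FILECLOUD_EMAILS)[0]:
        print(f"{subject}: {issue}")
```

An empty findings list means the sampled accounts and settings meet every requirement the audit covers; it does not replace the AD Test button, which exercises the live connection.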

Make sure the settings are SAVED before trying the AD Tests to verify connectivity

Once all data is entered and saved, the AD settings can be validated using the AD Test button.


The following tests can be done.

  1. Validate the AD setting.
    1. This will perform basic connectivity tests with the AD server. If this fails, then check your AD settings to ensure all the data is present and is accurate.
  2. List Groups
    1. Once the AD settings are validated, "List Groups" will show the list of groups read from the server. To list the members of a group, select a group row and click on the 'Select' button.
      This will populate the "Group Members" text box.

  3. Get Group Members
    1. This will retrieve and list the group members of a group. A group name can also be entered here directly without selecting from the "Group List" popup of the previous step.
      NOTE: the group members are NOT automatically added to FileCloud.
  4. Verify User Access
    1. A specific user login/password can be verified using this test.
    2. Verify that "Get Email ID" returns the correct email address for a user account from AD. If a valid email address is not returned, then FileCloud cannot import the user account.

AD Options

  • Connecting to AD via SSL
  • Authenticating to Multiple AD servers
  • Mixed AD Domain Environments
  • Migrate Data from a Changed User Account Name

Active Directory Settings
LDAP Settings
