This page describes how to configure Ribbon SBC Edge for Active Directory User Group Access:

When configuring the Domain Controller, we recommend using a domain name other than the Domain Admin user.

Step 1 - Configure the Domain Controllers

This step allows you to specify the Domain Controller(s) which will be used in the SBC Edgesystem. The information from the same domain controller(s) will be used for AD-based telephony routing and for Logging in to SBC Edge using an AD domain user.

To add a Domain Controller, follow the instructions outlined in Adding and Modifying Domain Controllers with the following settings:

  • DC Enabled: Set this field to True.
  • Description: The name you wish to use for referencing this domain controller - used in the next step.
  • IP Address/FQDN: The IP address or FQDN of the Domain Controller.
  • DC Type: Set this field to Authentication.
  • Search Scope: For example, dc=uxdemo,dc=net.
  • Server Timeout: The default is 5 (seconds), which is usually only updated if you receive TAC input.
  • User Name: For example, uxacc@uxdemo.net.
  • Enter and Confirm Password: The password for the AD user.
  • DC Priority: Select the priority ranking of the domain controller.

Create Domain Controller

 

Step 2 - Configure SBC Edge for Active Directory Access

In this step, we configure the Active Directory settings on SBC Edge such that we can authenticate users through the Domain Controller created earlier. Configuring the SBC Edge for Active Directory with the following settings:

In the Active Directory Configuration settings group:

  • AD Enabled: True
  • User Name: (for example, uxacc@uxdemo.net)
  • Password: (the password for the AD user)
  • Use TLS: False
  • Operating Mode: Updates

In the Cache Settings group:

  • Normalize Cache: False
  • Update Frequency: 60 (minutes)
  • Cache Attributes: for example telephoneNumber, msRTCSIP-Line, mobile, displayName, userPrincipalName

In the User Authentication Settings

  • Select the Domain Controller - created in Step 1

Step 3 - Configure AD User Group to Access Level Mapping

In this step, we map the Active Directory (AD) group with the SBC Edge access level for the AD user we wish to grant access on the SBC Edge:

  • Group Name: enter the name of the AD group
  • Access level: select the access level for the group

Create User Group Mapping

 

Step 4 - Login with an Active Directory Domain User

To verify the AD domain user can access the SBC Edge, the AD username must be supplied in the format USERNAME@DOMAIN - see How User Authentication Works. Enter the following in the login screen

  • User Name: enter the AD user name in the format USERNAME@DOMAIN; for example readonlyuser1@uxdemo.net
  • Password: enter the password of the AD user

Login Screen