Configure Active Directory

Colectica Repository and Portal can use Active Directory for authentication. Follow these instructions to enable Active Directory support.

1. In PortalDir\appsettings.json, set the UseWindowsAuthentication setting to true.

2. Rename the windowsauth.settings.json.dist configuration file to windowsauth.settings.json.

3. In the windowsauth.settings.json, there are two sections for assigning windows users and windows groups to the three Colectica roles. For windows users, use the full AD name of the user. For groups, it is highly recommended by Microsoft to use the group’s SID for performance reasons. Only the SID of groups are included in the Windows auth tokens, using the names can result in round trips the the AD server.

   Windows Users

   "WindowsUsers": {
     "ColecticaAdministratorRoles": [
       "DOMAIN\\User1",
       "DOMAIN\\User2"
       ],
     "ColecticaUserRoles": [],
     "ColecticaGuestRoles": []
   },
   

   Windows Groups

   "WindowsGroups": {
     "ColecticaAdministratorRoles": [
       "S-1-5-21-1004336348-1177238915-682003330-512",
       "S-1-5-21-1004336348-1177238915-682003330-1145"
        ],
     "ColecticaUserRoles": [],
     "ColecticaGuestRoles": []
   }
   

4. Configure IIS authentication

   1. Select the Repository IIS Site

      1. Enable Windows Authentication

      2. Disable Anonymous Authentication