
Active Directory Integration

Active Directory (AD) integration allows you to restrict access to the network and enforce Group Policies based on membership in Active Directory groups.

Currently, Active Directory-based authentication works only if one of the following is true:

  • The Domain Controller is in a VLAN configured on the appliance
  • The Domain Controller is in a subnet for which a static route is configured on the appliance
  • The Domain Controller is accessible through the VPN

If there are multiple Domain Controllers in the domain, all of them must meet one of these criteria in order for Active Directory integration to function properly.

Active Directory

This option toggles AD integration on or off.

Per-VLAN settings

This option is available only if you have multiple VLANs in your network. It allows you to select which VLANs require manual splash-page AD authentication if a user cannot be identified transparently. If a VLAN does not require AD authentication, it falls back to default traffic and security policies for unauthenticated users.

Active Directory servers

  • Short Domain: Short name of the domain (a.k.a., NetBIOS name), as opposed to the fully qualified domain name (FQDN). Typically if the FQDN is "mx.meraki.com", the short domain is "mx".
  • Server IP: The IP address of the domain controller.
  • Domain admin: A domain administrator account that the MX can use to query the AD server.
  • Password: The password of the domain administrator account.
  • Actions: Click X to delete the AD server settings.

User permissions for AD integration

While the AD integration account does not have to be a domain admin, it is usually the easiest way to implement this feature. If using a domain admin account is not possible or not preferable, ensure that the account has the necessary permissions to perform the following actions:

  • Query the user database via LDAP
  • Query group membership via LDAP
  • Query the domain controller via WMI


If there are multiple domain controllers in the domain, all of them should be added to Dashboard. You can add domain controllers by clicking Add an Active Directory domain server. Users authenticating to domain controllers not configured in Dashboard can result in inconsistent user identification and policy application.
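
A pre-deployment check for the two requirements above (every Domain Controller reachable through a VLAN, static route or VPN, and every Domain Controller added to Dashboard), given as an added example that is not Meraki code. The function name, the input lists and all addresses are constructed for illustration; the subnets and DC lists are assumed to be collected by hand from the appliance configuration and the domain.

```python
import ipaddress

def audit_domain_controllers(domain_dcs, dashboard_dcs, vlans, static_routes, vpn_subnets):
    """Return {dc_ip: [findings]} for entries that break a requirement on this page."""
    # The three network paths the page accepts for reaching a Domain Controller.
    paths = {
        "VLAN": [ipaddress.ip_network(n) for n in vlans],
        "static route": [ipaddress.ip_network(n) for n in static_routes],
        "VPN": [ipaddress.ip_network(n) for n in vpn_subnets],
    }
    inventory = {ipaddress.ip_address(ip) for ip in domain_dcs}
    configured = {ipaddress.ip_address(ip) for ip in dashboard_dcs}
    report = {}
    for dc in sorted(inventory):
        findings = []
        # Requirement 1: at least one accepted path must contain the DC address.
        if not any(dc in net for nets in paths.values() for net in nets):
            findings.append("no VLAN, static route or VPN path from the appliance")
        # Requirement 2: every DC in the domain must be listed in Dashboard.
        if dc not in configured:
            findings.append("not added to Dashboard")
        if findings:
            report[str(dc)] = findings
    # Extra check (not from the page): Dashboard entries that match no known DC,
    # usually a typo or a decommissioned server.
    for ip in sorted(configured - inventory):
        report[str(ip)] = ["in Dashboard but not in the domain inventory"]
    return report

# Constructed sample data (IPv4 only), not taken from any real network.
SAMPLE = dict(
    domain_dcs=["10.0.10.5", "10.0.20.5", "172.16.5.10", "192.168.50.5"],
    dashboard_dcs=["10.0.10.5", "172.16.5.10", "10.0.99.9"],
    vlans=["10.0.10.0/24"],
    static_routes=["10.0.20.0/24"],
    vpn_subnets=["172.16.0.0/16"],
)

if __name__ == "__main__":
    for ip, findings in audit_domain_controllers(**SAMPLE).items():
        print(ip, "->", "; ".join(findings))
```

An empty result means every known Domain Controller satisfies both requirements.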

For more information about configuring and troubleshooting Active Directory integration, please reference our documentation.

Last modified
16:31, 29 Jan 2016
