Active Directory Integration
Integrate SafeSquid with Active Directory (AD) to enable centralized user management, group-based access policies, and seamless Single Sign-On (SSO) for domain-joined users.
Active Directory Integration Workflow
| Step | Task | Goal |
|---|---|---|
| 1 | Setup AD Integration | Link SafeSquid with AD and fetch user/group entities. |
| 2 | Choose Auth Method | Decide between Simple (prompt) or SSO (transparent) authentication. |
| 3 | Simple Authentication | Browser prompts users for AD credentials. |
| 4 | SSO Authentication | Transparent authentication for domain-joined users via Kerberos. |
Which AD authentication method to use?
| Feature | Simple Authentication | SSO Authentication |
|---|---|---|
| User Experience | Browser login prompt | Transparent (no prompt) |
| Domain Requirement | None (works for any device) | Client must be domain-joined |
| Complexity | Low (LDAP bind) | Moderate (Kerberos, DNS, Time Sync) |
| Primary Use Case | Guest devices, non-domain PCs | Standard corporate workstations |
Recommendation
Most enterprises use SSO Authentication for corporate domain-joined workstations to provide the best user experience, and Simple Authentication as a fallback for guest or non-domain devices.
Verification
After completing the integration:
- Fetch Entries: Verify that AD users and groups appear in the SafeSquid LDAP Entities section.
- Test Rule: Create an access rule that requires AD authentication.
- Log Check: Confirm
identity.logshows the correct AD username inDOMAIN\useror UPN format.
Next steps
- Start with Setup Active Directory Integration to establish the initial connection.
- Configure Access Restriction to apply policies based on AD groups.