Splashtop On-Prem AD integration is compatible with Windows Server 2008 R2, 2012, 2016 and 2019 Active Directory, and with Microsoft Azure AD. It lets system administrators easily authenticate and manage AD accounts and start using the Splashtop remote service immediately.
1. Add AD Server
First, you need to authenticate your local AD server, which later allows you to directly add your AD users or AD groups to use the Splashtop service.
Log in to the Gateway Web Portal as Team Admin/Owner, go to Management -> Settings -> Authentication tab, and click Add AD Server:
- Name: Enter an AD Server name corresponding to the actual AD server of your organization.
- LDAP URL Syntax: ldap scheme (ldap://) + address of the target AD server + port number (if needed). The screenshot below shows a syntax example: ldap://onpremise.corp
- LDAPS is supported.
- Users Base DN: The Active Directory user's Distinguished Name. Users Base DN is used as the user authentication checkpoint in the AD hierarchy.
- To copy and paste the Distinguished Name of any AD object, go to the View tab in Active Directory Users and Computers on Windows 2016, select Advanced Features, then right-click the target object whose distinguished name you want, select Attribute Editor, and double-click the distinguishedName attribute to copy the value. Then paste the distinguished name into the Users Base DN field.
- Groups Base DN: The Active Directory group's Distinguished Name. Groups Base DN is used as the group authentication checkpoint in the AD hierarchy.
- Account: User account from the target AD server to bind with. The user account syntax: sAMAccountName@ADDomainName
- Password: The AD password of the associated AD user account.
- Test Connection: Click this button to check the availability of the target AD server for authentication.
- Add: Click this button to bind a validated AD server to the Splashtop Gateway AD Server list.
Note: Avoid adding multiple AD Servers with overlapping scope. Verify the uniqueness of Users Base DN and Groups Base DN so that each user and group originates from only one AD Server source. Overlapping scope may cause authentication failures and unresolvable group members.
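The overlap described in the note above can be checked before a second AD server is added. The following Python check is an added example, not Splashtop code: it flags any two servers whose Users Base DN or Groups Base DN are equal or nested inside one another. It assumes the Base DN values are copied by hand from the Authentication tab into the SERVERS list; the server names and DNs shown are constructed.

```python
from itertools import combinations

FIELDS = ("Users Base DN", "Groups Base DN")

def split_rdns(dn):
    """Split a DN into lowercased (attribute, value) pairs, leaf first (AD compares DNs
    case-insensitively). Escaped commas stay in the value; "+" RDNs are not split."""
    parts, cur, escaped = [], [], False
    for ch in dn:
        if escaped:
            cur.append(ch)
            escaped = False
        elif ch == "\\":
            cur.append(ch)
            escaped = True
        elif ch == ",":
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    parts.append("".join(cur))
    pairs = (part.partition("=") for part in parts)
    return [(a.strip().lower(), v.strip().lower()) for a, _, v in pairs]

def scopes_overlap(dn_a, dn_b):
    """True when the DNs are equal or one subtree contains the other."""
    a, b = split_rdns(dn_a), split_rdns(dn_b)
    short, long_ = (a, b) if len(a) <= len(b) else (b, a)
    return long_[len(long_) - len(short):] == short

def find_overlaps(servers):
    """Return (server, server, field) for each pair with overlapping scope."""
    hits = []
    for s1, s2 in combinations(servers, 2):
        for i, field in enumerate(FIELDS, start=1):
            if scopes_overlap(s1[i], s2[i]):
                hits.append((s1[0], s2[0], field))
    return hits

# Constructed sample: (name, Users Base DN, Groups Base DN); all values hypothetical.
SERVERS = [
    ("HQ", "OU=Staff,DC=onpremise,DC=corp", "OU=Groups,DC=onpremise,DC=corp"),
    ("Branch", "ou=Sales, ou=Staff, dc=onpremise, dc=corp", "OU=BranchGroups,DC=onpremise,DC=corp"),
    ("Lab", "OU=Users,DC=lab,DC=example", "OU=Groups,DC=lab,DC=example"),
]

if __name__ == "__main__":
    for a, b, field in find_overlaps(SERVERS):
        print(f"{a} and {b} overlap in {field}")
```

Here the Branch server's Users Base DN sits inside the HQ server's, so the pair is reported; the Groups Base DNs are siblings and are not.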
2. Add AD user or AD group
Once an AD server has been successfully authenticated, go to Management -> Settings -> Authentication to check that your AD Server has been added to Gateway. Then navigate to Management tab -> Users and click the Add AD User button at the top.
- Type: Selecting AD user authenticates an individual AD user and adds that user to Splashtop Gateway. Selecting AD group allows bulk authentication of the AD group's members. (Group members have to log in to the Gateway Web Portal first; they are then displayed in the user list.)
- AD Server: Select the AD server which contains the target AD user or group.
- Account: Enter the sAMAccountName@ADDomainName of the target AD user or group.
- Group: Choose the initial Splashtop group that the AD user or AD group will be placed in once added.
- Role: Choose Admin or Member to assign the access permissions that fit your needs.
- *SOS Technician: Enable the SOS on-demand support capability. (*Based on subscription plan)
- Verify: Check the availability of an AD user or group for authentication.
- Add: Add a validated AD user or group to the target group.
3. AD Group Members
A green user icon represents AD users or AD groups, as shown in the screenshot below. If an AD group has been added to Splashtop Gateway, its associated AD members have already been authenticated and are able to log in to Splashtop Gateway as well as the On-Prem app.
The AD users in an AD group show up in AD Group Members after they log in to the Gateway portal or On-Prem app with their AD account at least once. However, you can batch-configure the access permissions of a newly added AD group as a whole (e.g. AD group "123" in the screenshot below) beforehand. By contrast, an individual AD user added to Gateway is displayed immediately, and its properties can be modified right away.
Note: An AD group member authenticated via its parent AD group inherits the user role and access permissions of that group.
All successfully authenticated AD users can log in to the On-Prem app with their AD credentials and start using the Splashtop remote service.