User Source Requirement - v2023.04

This document describes the requirements for each user source type.

  • Active Directory

Active Directory Requirements

MonoSign supports a Unified Directory architecture, which means you can use an external or internal user directory. MonoSign natively supports Microsoft Active Directory/LDAP servers. Active Directory integration can be performed with the following user permissions.

A service user must be created in Active Directory.

Example service user name: “monosign_svc”


| Operation | Permissions | Object Type |
|---|---|---|
| Authentication | Standard Active Directory User Permission | User |
| Password Reset/Unlock Account | Reset Password; Read pwdLastSet; Write pwdLastSet; Read lockoutTime; Write lockoutTime | User |

The Password Reset/Unlock Account features require a Self-Service Portal (SSP) license.


These permissions can be configured with a PowerShell script, which you can download from the link below. Before running the script in Active Directory, change the following lines in the script.

PowerShell
$ou = "Monofor"
$user_delegated = "monosignsvc"
$group_delegated = "Monosign Service Group"

$ou is the Organizational Unit on which permissions are delegated to the user or group.

$user_delegated is the service account to delegate on the OU defined above, if a single service account will be delegated.

$group_delegated is the AD group to delegate on the OU defined above, if a specific AD group will be delegated.

ad_delegate_user_msign.ps1
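
For reference, a delegation limited to the Password Reset/Unlock Account permissions in the table above can be expressed with the built-in dsacls tool. This is an added example, not the contents of ad_delegate_user_msign.ps1; the domain DN, the NetBIOS name and the $apply switch are assumptions to replace with your own values.

```powershell
# Added example: NOT the contents of ad_delegate_user_msign.ps1.
# Grants only the rights listed in the requirements table, scoped to
# user objects below one OU, then lists the resulting ACEs for review.

$ou             = "Monofor"
$user_delegated = "monosignsvc"
$domainDn       = "DC=example,DC=com"   # assumption: placeholder domain DN
$netbios        = "EXAMPLE"             # assumption: placeholder NetBIOS name
$apply          = $false                # hypothetical switch: $false = dry run

$ouDn    = "OU=$ou,$domainDn"
$trustee = "$netbios\$user_delegated"

# dsacls ACE format: <trustee>:<rights>;<property or extended right>;<inherited object type>
#   CA   = control access (extended right), RP/WP = read/write property
$grants = @(
    "${trustee}:CA;Reset Password;user",
    "${trustee}:RPWP;pwdLastSet;user",
    "${trustee}:RPWP;lockoutTime;user"
)

foreach ($ace in $grants) {
    if (-not $apply) {
        # Dry run: show what would be granted without touching the directory
        Write-Output "dsacls `"$ouDn`" /I:S /G `"$ace`""
        continue
    }
    # /I:S applies the ACE to sub-objects only, so the OU object itself
    # is not modified; the trailing "user" limits it to user objects.
    dsacls $ouDn /I:S /G $ace
    if ($LASTEXITCODE -ne 0) { throw "dsacls failed for: $ace" }
}

# Review step: list every ACE on the OU that names the service account.
# Anything beyond the three entries above is more than this page requires.
if ($apply) {
    dsacls $ouDn | Select-String -SimpleMatch $user_delegated
}
```

Run it once with $apply = $false to review the three grants, then set it to $true from an account allowed to modify permissions on the OU.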