V-Key
VSA IDM Portal Directories
Integration Guide

Introduction

The Directories section of the Identity Management (IDM) portal lets you create and edit directories. These directories connect to the directory services in your organization for authentication purposes. Multiple directories can be created on the IDM portal to connect to different directory services. If your organization uses one directory service for all of its services, a single directory on the IDM portal may be enough.

Purpose

This document's purpose is to describe how to configure various types of Directory Connectors on the VSA IDM portal.

Audience

This document is primarily intended for all users of the VSA IDM portal.

Objectives

The main objective of Directory Integration is to synchronize (and authorize) user accounts from an external directory service (such as Active Directory, OpenLDAP, or Azure AD) to the IDM, or to manage users locally on the IDM. Default directories are available in the IDM portal for modification. You can choose to create a new directory for the token pack or use one of the available directories for the services.

Directory Types

Currently, VSA supports the following directories:

V-Key AD

If you do not have an existing directory service in place or wish to use a separate directory service for your VSA usage, you can choose to use V-Key AD as the directory service provider.

Configure V-Key AD

1. Log in to the IDM Portal with the Admin role.

2. Navigate to the Directories page and select Create.

Create Directory
Fig 1: Create Directory

3. Select the Directory type V-Key AD:

Select Directory Type
Fig 2: Select Directory Type

4. Enter the Directory name and save.

Directory Name
Fig 3: Directory Name

5. The directory is created successfully.

Directory Save
Fig 4: Directory Save

6. Edit the created directory to create or import users in it.

Directory Edit
Fig 5: Directory Edit

Create / Import Users

Create Users Manually

  1. Select the option to add a user manually.
Add User Manually
Fig 6: Add User Manually
  2. Fill in all the required fields and save.
Input fields
Fig 7: Input fields
  3. The user is created successfully. Check the mailbox of the created user to confirm that the new account creation email was received.
User Creation
Fig 8: User Creation
  4. On the V-Key AD directory page, test the configuration by entering the login credentials of the created account.
User Creation
Fig 9: User Creation
  5. If the connection is successful, the V-Key AD directory and the manually created account have been set up correctly.

Import Users by CSV File

If you want to add multiple users, you can import them in batches using a CSV file.

  1. Click the Import CSV button.
Import CSV
Fig 10: Import CSV
  2. Download the Import-Template.csv file.
Download Template
Fig 11: Download Template
  3. Fill the users' information into the CSV file.
Fill Users' Information
Fig 12: Fill Users' Information
  4. Upload the CSV file, then import it.
Upload CSV File
Fig 13: Upload CSV File
  5. Check that the users are imported with User Source set to CSV Import.
Check User Creation
Fig 14: Check User Creation

Import Users by Azure AD

  1. Set up an Azure AD (Microsoft Entra ID).
  2. Click the Import Azure AD button.
Import Azure AD
Fig 15: Import Azure AD
  3. Click the AUTHORIZE button.
Click Authorize
Fig 16: Click Authorize
  4. Enter the Azure admin credentials to log in.
Login
Fig 17: Login
  5. After successful authorization, the users are loaded for migration. Select the users, click the Import button, and observe the process until it completes.
User Migration
Fig 18: User Migration
  6. Check that the users are imported with User Source set to Azure AD.
Check Users
Fig 19: Check Users

Local AD

Local AD is installed in an on-premises environment: it is installed and managed on servers within the organization's own infrastructure rather than hosted in the cloud. If you use this directory service, you must make sure that the directory can be reached by V-OS Cloud from outside the enterprise network.

Local AD is best for organizations that need tight control, Windows integration, and centralized management.

Common LDAP Connection Parameters

| Parameter | Description | Example (Local AD) |
|---|---|---|
| Host / Server | IP address or domain name of the LDAP server | ldap://192.168.1.10 or ldap://ad.example.local |
| Port | Default is 389 for LDAP, 636 for LDAPS (secure) | 389 or 636 |
| Base DN | Starting point in the directory tree | DC=example,DC=local |
| User DN | Distinguished Name of the user used to authenticate | CN=admin,CN=Users,DC=example,DC=local |
| Bind Password | Password for the bind DN | YourPassword123 |
| Login Property or Search Filter | LDAP query to find entries | (sAMAccountName=username) |
| Attributes | Fields to retrieve (e.g., email, name, phone) | Email, Display Name, Phone mapping fields |
| TLS/SSL | Whether to use a secure connection | True (LDAPS) |

Local AD Configuration

1. Log in to the IDM Portal with the Admin role.

2. Navigate to the Directories page and select Create.

Create Directory
Fig 20: Create Directory

3. Select the Directory type Local AD and enter the Directory name:

Select Directory Type
Fig 21: Select Directory Type

4. Enter the LDAP Server information. Enable Secured LDAP and enter the certificate information if required by the provider.

LDAP Server Info
Fig 22: LDAP Server Info

5. Enter the Mapping Configuration information based on your directory configuration.

Mapping Configuration
Fig 23: Mapping Configuration

6. Click the Save button after filling in all the required information. Continue by clicking the Test Configuration button and enter the username and password of an end-user account to test. If all the information is correct, the prompt "Connection is Successful!" is displayed.

Open AD

Open Active Directory typically refers to open-source or API-accessible implementations or integrations of Active Directory-like services.

Open AD is more suitable for flexible, cross-platform, or cloud-integrated environments.

Common LDAP Connection Parameters

| Parameter | Description | Example (Open AD) |
|---|---|---|
| Host / Server | IP address or domain name of the LDAP server | ldap://openad.example.com |
| Port | Default is 389 for LDAP, 636 for LDAPS (secure) | 389 or 636 |
| Base DN | Starting point in the directory tree | dc=openad,dc=org |
| User DN | Distinguished Name of the user used to authenticate | uid=admin,ou=people,dc=openad,dc=org |
| Bind Password | Password for the bind DN | YourPassword123 |
| Login Property or Search Filter | LDAP query to find entries | (uid=username) |
| Attributes | Fields to retrieve (e.g., email, name, phone) | Email, Display Name, Phone mapping fields |
| TLS/SSL | Whether to use a secure connection | Optional, depending on setup |

Open AD Configuration

1. Log in to the IDM Portal with the Admin role.

2. Navigate to the Directories page and select Create.

Create Directory
Fig 24: Create Directory

3. Select the Directory type Open AD and enter the Directory name:

Select Directory Type
Fig 25: Select Directory Type

4. Enter the LDAP Server information. Enable Secured LDAP and enter the certificate information if required by the provider.

LDAP Server Info
Fig 26: LDAP Server Info

5. Enter the Mapping Configuration information based on your directory configuration.

Mapping Configuration
Fig 27: Mapping Configuration

6. Click the Save button after filling in all the required information. Continue by clicking the Test Configuration button and enter the username and password of an end-user account to test. If all the information is correct, the prompt "Connection is Successful!" is displayed.

Differences Between Open AD and Local AD

  • Bind DN Format: Local AD uses CN= and DC= format; Open AD (like FreeIPA) often uses uid= and ou=.
  • Schema Differences: Local AD uses attributes like sAMAccountName, userPrincipalName; Open AD may use uid, cn, etc.
  • Security: Local AD often uses Kerberos alongside LDAP; Open AD may rely more on TLS/SSL.

Microsoft Entra ID or Azure AD

Microsoft Entra ID is the new name for Azure Active Directory (Azure AD), Microsoft's cloud-based Identity and Access Management (IAM) solution.

Use Cases

  • Managing access to Microsoft 365, Azure, and other cloud apps.
  • Enabling remote work with secure identity verification.
  • Integrating with third-party apps using open standards.

Set Up Microsoft Entra ID

This section outlines the steps required within your Microsoft Entra ID environment to enable integration with the IDM Dashboard.

Note: You will need administrative privileges within your Microsoft Entra ID tenant to perform these steps.

Prerequisites

  • An Azure Account:

If you don't have an Azure account, see Create Your Azure Free Account Or Pay As You Go | Microsoft Azure.

  • A Resource Group:

If needed, see Use the Azure portal and Azure Resource Manager to Manage Resource Groups - Azure Resource Manager.

Create a Custom Domain

  • Proceed to Microsoft Entra admin center.
  • Browse to Entra ID > Domain names > Add custom domain.
  • Enter the domain (requested from IT). Provide the information below to the IT team and ask them to register the domain, then click the Verify button to verify the domain.

https://learn.microsoft.com/en-us/entra/fundamentals/add-custom-domain

Create Custom Domain
Fig 28: Create Custom Domain

Create an Entra Domain Service

You need a Microsoft Entra Domain Services managed domain enabled and configured in your Microsoft Entra tenant. Check out this tutorial.

Create Entra Domain Service
Fig 29: Create Entra Domain Service

Configure the Entra Domain Service

  • Generate a certificate for secure LDAP.
  • Enable secure LDAP for Microsoft Entra Domain Services (this includes importing the certificate).
Configure Entra Domain Service
Fig 30: Configure Entra Domain Service
  • Add a rule to allow traffic on port 636:
    a. In the Microsoft Entra admin center, search for and select Resource groups.
    b. Choose your resource group, such as myResourceGroup, then select your network security group, such as aaads-nsg.
    c. The list of existing inbound and outbound security rules is displayed. On the left-hand side of the network security group window, choose Settings > Inbound security rules.
    d. Select Add, then create a rule to allow TCP port 636.

Sample configuration:

Inbound Security Rule
Fig 31: Inbound Security Rule

Note: For testing purposes, Source and Source port ranges can be kept as Any. For improved security, choose IP Addresses as the source and specify your organization's own valid IP address or range. Reference: Tutorial - Configure LDAPS for Microsoft Entra Domain Services

  • Gather the configuration information for IDM:

    • Azure Tenant ID: from Microsoft Entra ID > Overview (If needed)
    • IP Address / Domain name: from created domain service > Properties > Secure LDAP external IP addresses
    • Port: (636)
    • Base DN: OU=AADDC Users,DC=yourdomain,DC=com
    • User DN: A valid LDAP bind user
    • The certificate (.cer) file

Configure IDM Dashboard

This section explains how to configure the Microsoft Entra ID connection within your IDM Dashboard using the information obtained from Set Up Microsoft Entra ID section.

  1. Log in to your IDM Dashboard with administrative privileges.
  2. Navigate to Directories page.
  3. Click on Create button to create a Directory.
  4. Select Azure AD (Microsoft Entra ID) for the directory Type.

Authorize and Enter Azure AD Details

  1. Provide a Name for the directory (e.g., "Corporate Microsoft Entra ID").
  2. Authorize this Directory connector to access your Azure Active Directory:
  • Click the Authorize button; a pop-up appears and asks you to log in.
  • Log in with the Azure Admin Account.
Log in
Fig 32: Log in

After logging in successfully:
  • On IDM, the Azure Tenant ID field is automatically detected and filled.
  • On Azure, an Enterprise Application is automatically created in Microsoft Entra ID > Enterprise Applications (e.g., V-Key Users Sync App).

  3. If using a hybrid model, enable Using hybrid model as required by your IDM Dashboard setup.

Configure LDAP Server (If Required)

  1. Enter the IP Address / Domain Name of the LDAP server.
  2. Specify the Port (e.g., 636 for secured LDAP).
  3. Enable Secured LDAP and upload the certificate (.cer) file.
  4. Define Base DN, User DN, and Password if your IDM setup requires LDAP integration in addition to Azure AD.
Configure LDAP server
Fig 33: Configure LDAP server

Mapping Configuration

  1. Set the Login Property (e.g., userPrincipalName is often more suitable for Azure AD than sAMAccountName).
  • With the userPrincipalName value, enter the email address (with the domain) when you test your configuration.
  • With the sAMAccountName value, enter the account name (without the domain) when you test your configuration.
  2. Map the Email Mapping Field to the appropriate Azure AD attribute (e.g., userPrincipalName or mail). The image shows userPrincipalName.
  3. Map the Display Name Mapping Field to displayName.
  4. Map the Phone Mapping Field to the relevant Azure AD attribute (e.g., mobilePhone or telephoneNumber).
Sample Configuration
Fig 34: Sample Configuration
  5. After completing the configuration, click the SAVE button.
  6. Use the Test Your Configuration button to verify connectivity to your Microsoft Entra ID tenant. If successful, the directory is ready for authentication.
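The following is an added example, not code from V-Key or the IDM portal, showing the logic behind the connection parameter tables and the Login Property rule above: it normalizes the test username for userPrincipalName versus sAMAccountName, builds the `(loginProperty=username)` search filter with RFC 4515 escaping so that a typed username cannot change the filter's structure, and flags the port/TLS and bind DN combinations the guide warns about. Function names, the DN-prefix heuristics (taken from the Differences section) and the sample values are assumptions.

```python
import re
from typing import List, Optional

# RFC 4515 escapes for values embedded in an LDAP search filter.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a user-typed value so it is matched literally inside the filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def normalize_login(login_property: str, username: str, upn_domain: str) -> str:
    """Apply the Mapping Configuration rule: userPrincipalName expects user@domain,
    sAMAccountName expects the bare account name. Other properties are left as typed."""
    prop = login_property.lower()
    if prop == "userprincipalname":
        return username if "@" in username else f"{username}@{upn_domain}"
    if prop == "samaccountname":
        return username.split("@", 1)[0]
    return username


def build_login_filter(login_property: str, username: str) -> str:
    """Build the filter implied by the Login Property, e.g. (sAMAccountName=jdoe)."""
    # The attribute name is operator-configured, not user input, but validate it anyway.
    if not re.fullmatch(r"[A-Za-z][A-Za-z0-9-]*", login_property):
        raise ValueError(f"invalid LDAP attribute name: {login_property!r}")
    return f"({login_property}={escape_filter_value(username)})"


def check_connection_settings(directory_type: str, port: int, secured_ldap: bool,
                              user_dn: str, cert_file: Optional[str]) -> List[str]:
    """Return findings for the Host/Port/TLS/User DN settings from the parameter tables."""
    findings = []
    if port == 636 and not secured_ldap:
        findings.append("port 636 is LDAPS: enable Secured LDAP")
    if port == 389 and not secured_ldap:
        findings.append("plain LDAP on 389: the bind password crosses the network unencrypted")
    if secured_ldap and not cert_file:
        findings.append("Secured LDAP enabled but no certificate file supplied")
    # Heuristics from the Differences section: Local AD binds as CN=..., Open AD as uid=...
    if directory_type == "Local AD" and not user_dn.upper().startswith("CN="):
        findings.append("Local AD bind DN normally starts with CN=")
    if directory_type == "Open AD" and not user_dn.lower().startswith("uid="):
        findings.append("Open AD bind DN normally starts with uid=")
    return findings


if __name__ == "__main__":  # constructed sample values, not a real tenant
    user = normalize_login("userPrincipalName", "jdoe", "example.com")
    print(build_login_filter("userPrincipalName", user))
    print(check_connection_settings("Local AD", 636, False, "CN=admin,CN=Users,DC=example,DC=local", None))
```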

GAPS

  • In a fresh tenant, logging in once to the first Entra ID directory triggers authorization. Any directories created within the next 24 hours will authorize automatically without prompting for login.

  • If the Azure Tenant ID is already known, it can be entered directly without using the authorize step.

  • When using the hybrid model (enable/disable), the Administrator Consent button is not required.

  • When the Administrator Consent button is clicked and the sign-in prompt is completed, an Enterprise Application is automatically created in Microsoft Entra ID > Enterprise Applications, for example V-OS Trusted Identity (Read - Write). This process establishes the necessary permissions and integrations without requiring manual application setup.

  • Currently, configuration requires entering the IP address. Using a domain name instead is not supported and will not work.

  • Secure LDAP should be enabled for proper integration, but importing the certificate into IDM is not necessary for the setup.