Skip to content

How to Configure an Active Directory Authentication Provider#

This topic provides step-by-step instructions for configuring an Active Directory (AD) authentication provider in TheHive.

Paid license required

A paid license is required to configure authentication providers other than the local database managed by TheHive.
A Platinum license is required to configure Active Directory, OAuth 2.0, and SAML authentication.

Required permissions for configuring authentication

Only users with an admin-type profile that has the managePlatform permission can configure authentication in TheHive.

Procedure#

Prerequisite

Users must have an existing account in TheHive's local database to authenticate successfully. Configure the LDAP servers in TheHive to automate account creation.

User data is synchronized periodically:
- New LDAP users are automatically created in TheHive.
- Removed users are disabled.
- Organization membership and user profiles are assigned based on LDAP group membership.

The configuration must include a mapping of LDAP groups to corresponding organizations and profiles.

  1. Go to the Platform management view from the sidebar menu.

    Platform management

  2. Select the Authentication tab.

    Authentication tab

  3. Select Directories authentication in the Authentication providers section.

  4. In the Directories authentication drawer, turn on the Enable directory toggle.

  5. Select ad from the dropdown list.

  6. Enter the following information:

    The addresses of the domain controllers

    The IP addresses or host names of the domain controllers responsible for handling authentication requests within the network.

    The Windows domain name

    The name of the Windows domain that manages user accounts and permissions. This is typically the NetBIOS name used within the Windows network.

    Example: DOMAIN

    The DNS domain name

    The fully qualified domain name (FQDN) associated with the Windows domain (for example, corp.example.com). This is used for resolving network resources through the Domain Name System (DNS).

    Example: domain.local

  7. To secure communication between TheHive and the domain controllers using Secure Sockets Layer (SSL) encryption, turn on the Use SSL toggle.

    This encrypts authentication requests and responses, protecting sensitive data from interception during transmission.

    For more information about configuring SSL, refer to the Configure SSL topic.

  8. Select Confirm.

Next steps#