Countly provide the Customer Microsoft Active Directory (“AD”) integration for its Countly Enterprise Edition Software. Currently Countly AD plugin works with LDAP v3 and Countly Enterprise Edition >17.05.

* Only for Enterprise Edition

Active Directory plugin is a paid plugin and only for Enterprise Edition customers. In order to get more information about deployment and pricing, please get in touch with us.

Active Directory Plugin Currently Supports:

 Azure Active Directory

 Microsoft Active Directory

 Oracle Unified Directory (coming soon)

In order to enable the plugin go Management > Plugins and click on Enable button.

When Active Directory Plugin is enabled Countly will bypass its regular authentication and it will use the Active Directory (“AD”) user credentials of the organization for authentication. The user of the organization need to use the same credentials they login to their Organization’s Active Directory server.

.....................................................................................................................................................................

Azure Active Directory

Azure Active Directory (Azure AD) is Microsoft's cloud-based identity and access management service

SETUP STEPS:

1. Create an app from app registrations or use the existing app 
2. Add web platform and add redirect url  /azure-ad-callback
3. Enable plugin 

   countly plugin enable active_directory

4. Go inside plugins directory countly path /plugins/active_directory and copy           cp config.azure.sample.js config.js                                                                                                           and use your app id and secret and select a group where the members of which should be global admin of countly                                                                                   

   Countly-hosted installation

   If your server is Countly-hosted, please contact Support and provide us with the information listed below.

   
   

   const config = {
    clientId: '8db7e011-a15f-4454-9472-2f475550c7a7',
    clientSecret: 'c33wTBoBv@_1jPm.e1ENTLhpoB]IE@iC',
    globalAdminGroup: 'countly-global-admins'
   };
   

HOW TO USE STEPS:

1. First login should be done from an app administrator to allow the app.
2. Use an user who is member of the group which is setup as a global admin group inside config who can access manage users section to create the groups. Group name of Azure Active Directory and group name of Countly should be same in order to match.
3. AD Plugin does not have user level permission instead it is group level permissions. Active Directory groups should match with any countly group for the member of the AD group to access countly dashboard and permissions will depend on the group permission setup inside countly manage users/groups section. 

.....................................................................................................................................................................

Microsoft On-Prem Active Directory

Microsoft Active Directory is a collection of services that helps manage users and devices on a network.

SETUP STEPS:

1. Need to have a running Active Directory with LDAP v3 server
2. Go inside plugins directory countly path /plugins/active_directory and copy           cp config.ldap.sample.js config.js                                                                                                           and use your app id and secret and select a group where the members of which should be global admin of countly                                                                                    ❗ Tip: If your server is countly-hosted then please contact support and provide us the following informations.
3. Enable plugin 

   countly plugin enable active_directory

HOW TO USE STEPS [ Default Countly Groups ]:

1. Use an user who is member of the group which is setup as a global admin group inside config who can access manage users section to create the groups. Group name of Azure Active Directory and group name of Countly should be same in order to match.
2. AD Plugin does not have user level permission instead it is group level permissions. Active Directory groups should match with any countly group for the member of the AD group to access countly dashboard and permissions will depend on the group permission setup inside countly manage users/groups section. 

HOW TO USE STEPS [ Legacy Role Based Authentication ]:

AD groups and corresponding user roles on Countly

Active Directory groups (Groups are Active Directory objects that can contain users, contacts, computers, and other groups) should contain the user to do the authentication and should match with the group name that will be configured or generated in Countly as described in the following sections.

One direct AD group will be mapping to the Global Admin user role of Countly. This AD group should be configured in the AD plugin config file like:

globalAdminGroup: 'ad-global-admin'

Per each application on Countly there will be three direct AD groups with the following name structure:

AppAnalytics-APPIDENTIFIER-ROLE

Role can be any of:

• User, with Countly User level permissions for the app (no write access and only read access).
• Admin, with Countly Admin level permissions for the app (admins of Countly can only view and administer their own applications)
• Marketing, new Countly user level with permissions to create a funnel, view Messaging and Attribution sections and can create new Attribution and push notifications campaigns, and all other rights Countly user has
• Custom role can be implemented based on customer requirements

AD Group can be setup per app basis which are defined on Countly dashboard.