Active Directory integration

Countly provide the Customer Microsoft Active Directory (“AD”) integration for its Countly Enterprise Edition Software. Currently Countly AD plugin works with LDAP v3 and Countly Enterprise Edition > 17.05.

In order to enable the plugin go Management > Plugins and click on Enable button.

When Active Directory Plugin is enabled Countly will bypass its regular authentication and will use the Microsoft Active Directory (“AD”) user credentials of the organization for authentication. The user of the organization need to use the same credentials they login to their Organization’s Active Directory server.

AD groups and corresponding user roles on Countly

Active Directory groups (Groups are Active Directory objects that can contain users, contacts, computers, and other groups) should contain the user to do the authentication and should match with the group name that will be configured or generated in Countly as described in the following sections.

One direct AD group will be mapping to the Global Admin user role of Countly. This AD group should be configured in the AD plugin config file like:

globalAdminGroup: 'ad-global-admin'

Per each application on Countly there will be three direct AD groups with the following name structure:

AppAnalytics-APPIDENTIFIER-ROLE

Role can be any of:

• User, with Countly User level permissions for the app (no write access and only read access).
• Admin, with Countly Admin level permissions for the app (admins of Countly can only view and administer their own applications)
• Marketing, new Countly user level with permissions to create a funnel, view Messaging and Attribution sections and can create new Attribution and push notifications campaigns, and all other rights Countly user has
• Custom role can be implemented based on customer requirements

AD Group can be setup per app basis which are defined on Countly dashboard.