Infoprotector

Fudo Enterprise - Integration with Active Directory

Why integrate Fudo Enterprise with Active Directory?

Integration with Active Directory can be used in two main ways.

First, Fudo can verify whether the user’s login credentials are correct. This means that the username and password entered during login are validated against Active Directory.

Second, the system can retrieve information about users and groups from the domain and then map them to the appropriate roles and permissions in Fudo Enterprise. Thanks to this, selected users can be assigned:

  • administrative access to the Fudo panel,
  • access to specific hosts and servers,
  • technical or operational roles,
  • login policies based on AD groups.

This approach simplifies environment management and makes it possible to align access in Fudo more closely with the existing organizational structure.

What does the video show?

In this video, we show the full basic scenario of integrating Fudo Enterprise with Active Directory.

The video includes:

  • configuring user authentication via AD,
  • creating a new Active Directory source,
  • specifying the domain,
  • enabling encrypted LDAP connection,
  • adding the CA certificate,
  • configuring synchronization of users and groups,
  • specifying the domain account used to read data from the directory,
  • setting the AD tree scope,
  • adding domain controllers,
  • mapping AD groups to roles and permissions in Fudo,
  • forcing full synchronization,
  • checking the result in the Users tab.

This is a practical guide for people who want to connect Fudo Enterprise with an existing directory service and begin managing users and access in a more structured way.

Integrating Fudo Enterprise with Active Directory – step by step

  1. Configuring authentication in the Authentication tab
    The first stage concerns verification of the user’s username and password against Active Directory. This part of the configuration is done in the Authentication tab.

We create a new entry and give it any name. In the example from the video, the name ADLAB is used. Next, we select the Active Directory service type and enter the domain name.

This is the element responsible for identity verification of users logging in to Fudo.

  2. Enabling encrypted LDAP connection
    In the environment shown, the LDAP connection requires encryption, so in the next step the encrypted connection is enabled.

This is important because when integrating with a directory service, it is worth taking care not only of the functionality itself, but also of the security of communication between Fudo and the domain controller.

  3. Adding the CA certificate
    After enabling the encrypted connection, the CA certificate used by Active Directory must be uploaded. This allows Fudo to verify that it is connecting to the correct directory server.

This is an important step in environments where LDAP operates in encrypted mode and correct certificate validation is required.

  4. Optional configuration of a privileged user
    The system also allows the credentials of a privileged user to be entered, which may be used by the Password Changer module. In the scenario shown, this section is left empty, but it is worth knowing that this option exists.

This is particularly useful in more advanced deployments where Fudo is expected to perform additional password management operations.

  5. Enabling synchronization of users and groups
    The second part of the Active Directory integration concerns user synchronization and retrieval of group information.

For this purpose, a new synchronization directory must be created. It can be given the same name as before or follow a different naming convention that helps organize the configuration.

  6. Entering the domain account used to read data
    In order for Fudo to read the list of users and groups from Active Directory, a domain account with the appropriate permissions to read directory data must be provided.

In this step, we enter:

  • the domain user login,
  • that user’s password,
  • the domain name.

This account is not used for end-user login, but for communication between the Fudo system and the directory service.

  7. Defining the AD tree scope
    Next, it is necessary to define from which part of the Active Directory tree information about users and groups should be retrieved.

In the video, the entire tree is selected. This is a convenient solution at the beginning, especially in a test environment or a simple deployment where there is no need to limit the scope to a single OU.

Additionally, domain filtering can be defined. The video emphasizes that the default settings are sufficient in most cases.

  8. Adding domain controllers
    After configuring the basic parameters, the domain controllers with which Fudo will communicate must be added.

As before, the connection here is also encrypted, and the system uses the CA certificate to confirm the identity of the server it is connecting to.

This completes the technical part of the directory configuration and prepares the system for data synchronization.

  9. Mapping AD groups to roles in Fudo
    Once the connection to the directory is ready, it is possible to move on to mapping groups from Active Directory to roles and permissions in the Fudo system.

In the scenario shown, two example mappings are created:

  • the FUDO users group – assigned to the test user group,
  • the FUDO admin group – mapped to the administrator role in the Fudo system.

For both groups, the option to verify these users' passwords in Active Directory is selected.

This is a very important moment in the integration, because this is where we decide who gets standard user access and who receives administrative permissions.

  10. Forcing full synchronization
    After saving the configuration, it is worth forcing a full synchronization right away. Thanks to this, there is no need to wait for the automatic refresh process, and the integration results can be checked immediately.

This is a practical approach, especially during testing and the first deployment.

  11. Verifying users in the Users tab
    At the end, we go to the Users tab, where synchronized users from Active Directory are already visible.

The video shows three users mapped from AD into Fudo. Two of them are assigned to the standard user group, while one is also in the administrative group and therefore receives the administrator role.

This confirms that the integration is working correctly and that the system can both authenticate users against AD and assign them the appropriate roles in Fudo Enterprise.
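
The result seen in the Users tab can be predicted beforehand from the AD tree scope and the group-to-role mapping described above, which makes an unexpected administrator easy to spot. The Python example below is added here and is not Fudo's own code; the directory entries, the domain, the role names and the rule that the most privileged mapped role wins are assumptions, and it goes beyond the video by also showing a scope narrowed to one OU.

```python
import re

# Constructed sample data: the domain, OUs and users are made up.
# Only the group names "FUDO users" and "FUDO admin" come from the walkthrough.
GROUPS = "OU=Groups,DC=example,DC=test"
ENTRIES = [
    {"login": "alice", "dn": "CN=Alice,OU=Staff,DC=example,DC=test",
     "memberOf": [f"CN=FUDO users,{GROUPS}"]},
    {"login": "bob", "dn": "CN=Bob\\, Jr,OU=Staff,DC=example,DC=test",
     "memberOf": [f"CN=FUDO users,{GROUPS}"]},
    {"login": "carol", "dn": "CN=Carol,OU=IT,DC=example,DC=test",
     "memberOf": [f"CN=FUDO users,{GROUPS}", f"CN=FUDO admin,{GROUPS}"]},
    {"login": "dave", "dn": "CN=Dave,OU=Staff,DC=example,DC=test",
     "memberOf": ["CN=Domain Users,CN=Users,DC=example,DC=test"]},
]
# Assumed role names, ordered from least to most privileged.
ROLE_ORDER = ["user", "admin"]
GROUP_ROLE = {"fudo users": "user", "fudo admin": "admin"}


def rdns(dn):
    """Split a DN into lower-cased RDNs, honouring backslash escapes."""
    return [p.strip().lower() for p in re.findall(r"(?:\\.|[^,\\])+", dn)]


def in_scope(dn, base_dn):
    """True when dn sits at or below base_dn, compared RDN by RDN."""
    entry, base = rdns(dn), rdns(base_dn)
    return len(entry) >= len(base) and entry[-len(base):] == base


def expected_roles(entries, base_dn):
    """Return {login: role} granted by the group mapping inside base_dn."""
    result = {}
    for e in entries:
        if not in_scope(e["dn"], base_dn):
            continue
        groups = {rdns(g)[0].partition("=")[2] for g in e["memberOf"]}
        roles = [GROUP_ROLE[g] for g in groups if g in GROUP_ROLE]
        if roles:  # assumption: the most privileged mapped role wins
            result[e["login"]] = max(roles, key=ROLE_ORDER.index)
    return result


if __name__ == "__main__":
    for login, role in sorted(expected_roles(ENTRIES, "DC=example,DC=test").items()):
        print(f"{login:8} {role}")
```

With the whole tree in scope, the constructed data yields two standard users and one administrator, the same shape as the result in the video; any additional login with the admin role is a mapping or group-membership problem to resolve before wider rollout.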

What does this integration provide in practice?

Integrating Fudo Enterprise with Active Directory offers several very specific benefits.

Above all, it:

  • simplifies user management,
  • allows the use of existing domain accounts,
  • makes centralized password management on the AD side possible,
  • makes it easier to assign roles and permissions based on groups,
  • organizes administrative and operational access,
  • allows users to be onboarded into the system more quickly.

In practice, this means that the administrator does not have to manually build the entire user structure in Fudo from scratch. They can base the configuration on what already exists in the domain.

What should you pay attention to?

When integrating with Active Directory, it is worth remembering a few things:

  • if LDAP in the domain operates in encrypted mode, the encrypted connection must be configured correctly,
  • it may be necessary to add the CA certificate,
  • user synchronization requires a domain account with appropriate read permissions,
  • it is a good idea to think through the mapping of AD groups to roles in Fudo in advance,
  • after configuration, it is worth forcing a full synchronization immediately and checking the result in the Users tab.

This makes it easier to avoid problems and confirm more quickly that the integration is working correctly.

Summary

The video shows how to integrate Fudo Enterprise with Active Directory step by step – both in terms of user authentication and synchronization of groups and role assignment in the system.

This is a very practical configuration stage, because it makes it possible to connect Fudo with the existing domain infrastructure and organize the way access to the panel and monitored systems is managed.
If you want to test Fudo Enterprise or need support with deployment, contact us at infoprotector@infoprotector.pl. We will help you prepare the environment and go through the next configuration steps.
