Redgate Monitor 14

Authenticating with Active Directory

By default, users log in to Redgate Monitor using the passwords set by the administrator.

Alternatively, administrators can set Redgate Monitor to authenticate users with their Active Directory credentials. Redgate Monitor will use the Base Monitor service account credential to query Active Directory. The Base Monitor service account details are stored in the Windows credentials store on the machine where the monitoring service is installed.

We recommend configuring authentication against Active Directory using OpenID Connect rather than the native integration described in this article. 

Using Active Directory, administrators can restrict which servers users can access.

For more information about Active Directory, see: So What Is Active Directory? in the MSDN documentation.

For a quick demo of using AD authentication and adding Redgate Monitor users, see the Authentication video on Redgate University.

Switching to Active Directory authentication

Only administrators can switch to Active Directory authentication.

  1. In the Configuration page, under Users, click Authentication settings:



  2. Select Active Directory (via LDAP):



  3. Enter the domain name.
  4. Enter the base DN (optional). For example: ou=DBA,dc=domain,dc=com.
  5. Under Service account, you can use the "Base Monitor Service account" to query Active Directory. This was introduced in 12.1.7. If you're running an older version (or a different account is preferred, chose "Specify a windows account"), enter the username and password for this account. Redgate Monitor stores the service account login details and uses them to query Active Directory.

    To use a GMSA account to query AD, you need to run the base monitor as the GMSA account, then select "Base Monitor Service account".

    If the service account password changes or the account is deleted, Redgate Monitor won't be able to authorize users. If this happens, you'll need to update the service account details in the Redgate Monitor authentication settings.

    To avoid this, you might want to create a new account that's unlikely to change.

    You can optionally test the connection from here.

  6. Add an administrator user or group (This must be an existing Active Directory user or group.):

    Redgate Monitor supports security groups, but not distribution groups. For more information on group types in Active Directory, see Group types: Active Directory (TechNet).

    We recommend you create an administrator group and specify this as the administrator account. This means you can add more users to the administrator group in in Active Directory instead of configuring new users in Redgate Monitor.

  7. Click Save settings
    Redgate Monitor logs you and all other users out.
  8. Log in to Redgate Monitor with your domain credentials.

In case of any problems or misconfiguration, follow Switching back to Redgate Monitor basic authentication.

Adding additional Active Directory domain configurations

Additional domains can be added to Redgate Monitor in order to allow users from more than one Active Directory domain. Domains with two-way trust should work implicitly, but other types of trust or non-trusted domains will need to have a service account provided in order to function.

  • Select Add domain to add an additional Active Directory domain to Redgate Monitor.
  • Enter the Domain name, Base DN (optional), Service account Username and Password.
  •  Optionally test the connection.
  • Click Save settings and the new domain will be added to Redgate Monitor.

One account per Active Directory domain will be added to the Windows Credential Manager. These accounts will have the name formatted SQL_Monitor_AD_ServiceAccount_<Domain> (where <Domain> is the name of the domain). Additionally, an account named SQL_Monitor_Installer_Account will be created when you choose to save credentials during installation.

Switching from Active Directory authentication to default authentication

Only administrators can switch from Active Directory authentication to default authentication.

  1. Log in to Redgate Monitor as an administrator.
  2. In the Configuration page, click Authentication settings:



  3. Select Basic authentication.
    The Confirm authentication changes window opens:

     
  4. Click Confirm
    Redgate Monitor logs you and all other users out.
  5. Log in to Redgate Monitor with your Redgate Monitor credentials.
    If you've forgotten your password, see: Resetting your Redgate Monitor password



Didn't find what you were looking for?