Active Directory Configuration Guide

Overview

zID acts as the Identity Provider (IdP) for zMan Director and is built on Keycloak. It provides centralized authentication and authorization for:

zMan Director UI
SnapOS endpoints

zID supports integration with external identity providers such as:

Microsoft Active Directory (AD)
Google Authentication
Federated identity providers

This allows organizations to leverage existing user directories without manually recreating user accounts inside zMan Director.

Configure Active Directory for SnapOS User Login

Step 1: Login to zMan Tenant

Open the zMan tenant portal:

https://<zman-server-ip>/zman-tenant

Example:

https://10.200.xx.xx/zman-tenant

After logging in:

Click the Settings icon in the upper-right corner
Select ZID Login – zTC

Step 2: Access the zID Portal

After selecting ZID Login – zTC, a new browser tab opens the zID login portal.

Enter the tenant credentials to continue.

zID Login Portal

Step 3: Configure LDAP Provider (Active Directory)

Step 3.1: Add LDAP Provider

From the zID portal:

Select User Federation from the left navigation pane
Click Add LDAP Providers
Select:

Vendor: Active Directory

Enter the LDAP connection details:

Connection URL: ldap://<ip>:<port>

Example:

ldap://10.200.43.xx:389

Click Test Connection.

Verify that the LDAP connection test succeeds before proceeding.

LDAP Connection Settings

Step 3.2: Configure Bind Credentials

Configure the LDAP bind settings:

Setting	Value
Bind Type	Simple
Bind DN	cn=Administrator,cn=Users,dc=xxxx,dc=xxxx eg. cn=Administrator,cn=Users,dc=testdomain,dc=local
Bind Credentials	`<domain-password>`

Click Test Authentication and confirm authentication succeeds.

LDAP Bind Authentication

Step 3.3: Configure LDAP Searching and Updating

Configure the following LDAP search settings:

Setting	Value
Edit Mode	WRITABLE
Users DN	cn=users,dc=xxxx,dc=xxxx eg. cn=users,dc=testdomain,dc=local
Username LDAP Attribute	cn
RDN LDAP Attribute	cn
UUID LDAP Attribute	objectGUID
User Object Classes	organizationalPerson, user
User LDAP Filter	`(&(objectCategory=Person)(sAMAccountName=*))`
Search Scope	Subtree

After entering the values, click Save.

Step 3.4: Default Configuration Settings

Leave the following sections at their default values:

Synchronization Settings
Kerberos Integration
Cache Settings
Advanced Settings

Step 3.5: Synchronize LDAP Users

To import Active Directory users into zID:

Open the configured LDAP provider
Navigate to the Actions menu in the upper-right corner
Select Sync All Users

This imports all Active Directory users into zID.

Sync LDAP Users

Step 4: Verify Imported Users

To verify that users were imported successfully:

Select Users from the left navigation pane
Enter:

in the search field

Press Enter

All synchronized Active Directory users should now appear in the user list.

Imported Users

Step 5: Configure zTC for zID Authentication

After completing the zMan Director configuration, configure the SnapOS zTC endpoint for zID authentication.

On the zTC endpoint:

Navigate to:

Start Menu → Applications → Logon Configurator

Configure the following:

Setting	Value
Enable Autologin	Unchecked
zMan Server IP	`<zMan server IP>`
*Tenant Name	`<tenant-name>-ztc`

Select:

Reboot Now

Then click Apply.

Logon Configurator Settings

* Important Notes

For SnapOS endpoint login, the tenant name must include the -ztc suffix.

Example:

zman-tenant-ztc

For zMan Director UI login, use the tenant name without the -ztc suffix.

Example:

zman-tenant

Step 6: Validate User Login

After the zTC endpoint reboots:

The login screen appears
Enter a valid Active Directory username and password

Upon successful authentication, the user is logged into the SnapOS session.

SnapOS Login Screen

Configure Active Directory for zMan Director UI Login

The previous configuration applies specifically to SnapOS endpoint authentication through zID.

To enable Active Directory authentication for the zMan Director UI:

Open zMan Director
Click the Settings icon in the upper-right corner
Select zID Login
Repeat the same LDAP configuration steps beginning from Step 2

Verify the following:

LDAP integration is configured successfully
Active Directory users are synchronized properly

Once completed, users can log into the zMan Director UI using their Active Directory domain credentials.

zWAN as a Solution

zTC as a Solution

Secure Endpoint Solutions

Zero Trust Network

Network Infrastructure

Network Storage

Active Directory Configuration Guide

SnapOS

SnapOS

Getting Started

Session Connections

Peripheral & Application Management

Security & Certificates

System Administration & Updates

Diagnostics & Recovery

Support & Resources

zMAN

Overview & Architecture

Installation & Setup

Onboarding

Analytics & Monitoring

Device Management & Dashboard

Firmware & Repository Management

Profiles & Settings Management

Support & Resources

zDM Integration & Provisioning

User Management

Configuration

Firmware Update

Reset VNC

Task Management

Repository Management

Server Configuration

Provisioning

Group Management

Solutions

Voice-Over-IP/Video Conferencing

Validation and Test Cases

Proof of Concept Test Cases

zTC

Diagnostics & Recovery

Getting Started

Peripheral & Application Management

Security & Certificates

Session Connections

Support & Resources

System Administration & Updates

zWAN

Deployment

Getting Started

Introduction

Configuration

Installation Guides

POC Evaluation

Director

Device Management

Edge Controllers

Analytics

System

Backup and Restore

Network

Analytics

Reporting

Alerting

User Management

Edge Controllers

z25

Troubleshooting

z40

Device Management

z50

Troubleshooting

Frequently Asked Questions

zAccess

Endpoint Sessions

Event Logs

Gateway Devices

Network Configuration

Policy Configuration

StorTrends