Set Up AD/LDAP Connector Test Environment

You can set up a test environment by creating a minimal AD Domain Controller installation on a cloud-deployed virtual machine (VM). You can run your VM on any cloud platform. This example shows how to set one up on Microsoft Azure.

  1. Create a virtual machine on the Azure Management console.

  2. Click on the ENDPOINTS tab of the new VM, and take note of the PUBLIC PORT for the Remote Desktop endpoint.

  3. Open the Microsoft Remote Desktop client (Windows or Mac) or the client of your choice (such as rdesktop for Linux systems). Create a new connection to your VM.

  4. Open the connection, disregarding any certificate warnings presented by the Remote Desktop client. If you're prompted to find PCs, devices, and content on the local network, choose No.

  5. Click the PowerShell icon in the Windows Task Bar to open the PowerShell Command Prompt. Install ADDS.

  6. Promote the server to a domain controller that manages an FQDN of mycompany.local.

  7. When prompted for the SafeModeAdministratorPassword, enter the Administrator password you used when creating the VM. Press Enter to continue. The promotion script will run and the VM will automatically reboot.

  8. Add test groups and users. Log into the VM using the Remote Desktop client and open the PowerShell Command Prompt. Run the following script:

        # Create two test groups.
        New-ADGroup -Name "Accounting" -GroupScope "DomainLocal"
        New-ADGroup -Name "IT" -GroupScope "DomainLocal"

        # Create two enabled test users with a fixed, non-expiring password.
        New-ADUser -GivenName Bob -Surname Johnson -Name "Bob Johnson" -SamAccountName bob.johnson -Enabled $True -AccountPassword (ConvertTo-SecureString "Pass@word1!" -AsPlainText -Force) -PasswordNeverExpires $True
        New-ADUser -GivenName Mary -Surname Smith -Name "Mary Smith" -SamAccountName mary.smith -Enabled $True -AccountPassword (ConvertTo-SecureString "Pass@word1!" -AsPlainText -Force) -PasswordNeverExpires $True

        # Put both users in Accounting; only Mary is also in IT.
        Add-ADGroupMember -Identity Accounting -Members "bob.johnson", "mary.smith"
        Add-ADGroupMember -Identity IT -Members "mary.smith"


Install and configure AD/LDAP Connector

  1. Navigate to Auth0 Dashboard > Authentication > Enterprise, and create a new Active Directory/LDAP connection with the name auth0-test-ad. Be sure to copy the Ticket URL that is generated at the end of those instructions.

  2. On the VM, disable Internet Explorer Enhanced Security Configuration.

  3. Open Internet Explorer with the Ticket URL you saved in step 1.

  4. Follow the instructions in the browser to download, install, and configure the Connector. When you are prompted for the LDAP service account, use the admin account you created for the VM: Username: mycompany\ad-admin, Password: (same as before).

  5. When you're done configuring and installing the Connector, reboot the server.

  6. Log back into the VM using Remote Desktop.

  7. Open the Connector configuration site by navigating to http://localhost:8357/.

  8. Check that the Connector is able to find a user:

    1. Click on the Search tab.

    2. Under "Find User by Login", type mary.smith.

    3. Click Search. You should get JSON back that contains that user's AD profile data:
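The lookup the Connector performs here can also be checked directly from PowerShell on the VM, which is useful when the Search tab returns nothing: the script below (an added example, not part of the Auth0 docs or the Connector) binds to the domain as the LDAP service account from the configuration step rather than as the logged-in administrator, searches by sAMAccountName, and confirms the group memberships created earlier are visible to that account. It assumes the values used above (mycompany.local, mycompany\ad-admin, mary.smith, group IT).

```powershell
# Added example: verify that the Connector's LDAP service account can bind to
# the test domain and resolve a test user by login name. Values below are
# assumptions matching the walkthrough; adjust them for your environment.
$Domain        = 'mycompany.local'
$ServiceUser   = 'mycompany\ad-admin'        # LDAP service account given to the Connector
$ServicePass   = Read-Host -AsSecureString 'Service account password'
$TestLogin     = 'mary.smith'                # sAMAccountName typed into "Find User by Login"
$ExpectedGroup = 'IT'                        # group mary.smith was added to in the setup script

# 1. The Connector reaches the DC over LDAP (TCP 389); make sure it is listening.
$ldap = Test-NetConnection -ComputerName $Domain -Port 389
if (-not $ldap.TcpTestSucceeded) { throw "LDAP port 389 on $Domain is not reachable" }

# 2. Bind with the service account's credentials, not the current session's,
#    so a wrong password or a missing account surfaces here instead of in the Connector.
$plain = [System.Net.NetworkCredential]::new('', $ServicePass).Password
$root  = New-Object System.DirectoryServices.DirectoryEntry(
    "LDAP://$Domain", $ServiceUser, $plain,
    [System.DirectoryServices.AuthenticationTypes]::Secure)
try { $null = $root.NativeObject } catch { throw "Bind as $ServiceUser failed: $_" }

# 3. Search by login name, the same attribute the Connector's search uses.
$searcher = New-Object System.DirectoryServices.DirectorySearcher($root)
$searcher.Filter = "(&(objectClass=user)(sAMAccountName=$TestLogin))"
$null = $searcher.PropertiesToLoad.AddRange([string[]]@('distinguishedName', 'mail', 'memberOf'))
$result = $searcher.FindOne()
if (-not $result) { throw "User $TestLogin was not found via LDAP as $ServiceUser" }
"Found: $($result.Properties['distinguishedname'][0])"

# 4. Confirm the memberships from the setup script are readable by the service
#    account; group names are taken from the CN of each memberOf DN.
$groups = @($result.Properties['memberof']) | ForEach-Object { ($_ -split ',')[0] -replace '^CN=', '' }
if ($groups -notcontains $ExpectedGroup) { throw "$TestLogin is not a member of $ExpectedGroup" }
"Groups: $($groups -join ', ')"
```

If the bind in step 2 fails, the Connector will fail the same way, so fix the service account or password before retrying the Search tab.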

Test authentication from Auth0

To confirm that everything works end to end from your Auth0 account, configure your Default App in Auth0 to use your new Active Directory / LDAP connection, then use the /authorize endpoint to initiate an authentication flow.

  1. Navigate to Auth0 Dashboard > Applications > Applications.

  2. Click the Settings icon of your Default App.

  3. Add http://jwt.io to the list of the Application's Allowed Callback URLs.

  4. Click the Connections tab.

  5. Under Enterprise, enable the auth0-test-ad Active Directory / LDAP connection.

  6. Test the authentication flow by opening the following link in your browser:

    https://YOUR_DOMAIN/authorize?response_type=token&scope=openid%20profile&client_id=YOUR_CLIENT_ID&redirect_uri=http://jwt.io&connection=auth0-test-ad

  7. Log in with one of the test users created in the directory:

    • Username: mary.smith or bob.johnson

    • Password: Pass@word1!

  8. If everything is working, you should be redirected to the JWT.io website to see the contents of the resulting JWT.