Azure Active Directory (AD) allows users to authenticate securely and log in to their Hosted~FTP~ user account. This feature is available on our Enterprise T2+ and above accounts.
Active Directory Pre-Requisites:
– Active Directory server must have a public URL that can be reached by the cloud-based FTP server(s)
– Hosted~FTP~ will provide the static IP address of the FTP server(s) so that the customer can whitelist the IP addresses in the Active Directory firewall
– Active Directory server must have an SSL certificate installed
– Active Directory server must respond to LDAPS bind calls on port 636.
For Multi-tenant FTP site customers:
– Requires an SSL certificate from a public certificate authority (CA)
– Requires all Multi-tenant FTP server static IP addresses to be white-listed in the Active Directory firewall
For Single-tenant FTP site customers:
– SSL certificate does not need to be issued by a public certificate authority (CA). Self-signed SSL certificates are also permitted.
– A single static IP address can be white-listed in the Active Directory firewall.
For Multi-tenant FTP site customers:
– Requires a custom DNS name with your managed domain and corresponding SSL certificate from a public certificate authority (CA)
For Single-tenant FTP site customers:
– No custom DNS name is required. The DNS name for the Active Directory server can end with .onmicrosoft.com and a self-signed SSL certificate can be used.
Steps | Instructions | Reference Link |
1 | Enable and configure an Azure Active Directory Domain Services managed domain in your Azure AD tenant | Link |
2 | Create a certificate for secure LDAP | Link |
3 | Export the certificate in .pfx format (encryption algorithm must be TripleDES-SHA1) | Link |
4 | Enable secure LDAP for Azure AD DS | Link |
5 | Lock down secure LDAP access over the internet | Link |
6 | Configure DNS for external access | Link |
After logging in as the Account admin and going to your Setup tab, locate the Active_Directory page and click on Add to set up a new Active Directory. Fill in the fields as recommended below and Save.
Field | Description |
Name | Label of AD |
Provider URL | ldaps://<url_pointing_to_secure_LDAP_external_IP_addresses>:636 (e.g. ldaps://ldaps.hostedftp.com:636) |
Username Prefix | <leave empty> |
Default Value | Enabled |
Security Protocol | SSL |
Security Authentication | Simple |
Active | Enabled |
An admin can go into a user’s settings and locate the Authenticate passwords for this user with… option, click on Customize and select the newly created AD.
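A pre-flight check for the prerequisites and Provider URL above, as an added example that is not part of Hosted~FTP~'s documentation or tooling: it confirms the URL uses ldaps:// on port 636, then completes a TLS handshake with the Active Directory server and reports the certificate's validation status, expiry and fingerprint. The function names are assumptions of this example; the host is the one from the page's sample Provider URL.

```python
import hashlib
import socket
import ssl
from datetime import datetime, timezone
from urllib.parse import urlsplit

def parse_provider_url(url):
    """Return (host, port) for a Provider URL; require ldaps:// and port 636."""
    parts = urlsplit(url)
    if parts.scheme != "ldaps":
        raise ValueError("Provider URL must use ldaps://, got %r" % parts.scheme)
    if not parts.hostname:
        raise ValueError("Provider URL has no host name")
    port = parts.port or 636
    if port != 636:
        raise ValueError("LDAPS is expected on port 636, got %d" % port)
    return parts.hostname, port

def days_until(not_after, now=None):
    """Whole days before a certificate 'notAfter' string (OpenSSL text form)."""
    expiry = datetime.fromtimestamp(ssl.cert_time_to_seconds(not_after), timezone.utc)
    return (expiry - (now or datetime.now(timezone.utc))).days

def check_ldaps(url, multi_tenant=True, timeout=10):
    """Handshake with the AD server; report on the certificate it serves."""
    # multi_tenant=True: validate chain and host name against public CAs.
    # multi_tenant=False: self-signed is permitted, so validation is skipped;
    # compare the fingerprint with the certificate you exported.
    host, port = parse_provider_url(url)
    ctx = ssl.create_default_context()
    if not multi_tenant:
        ctx.check_hostname = False  # must be cleared before verify_mode
        ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            cert = tls.getpeercert()  # empty dict when validation is off
            der = tls.getpeercert(binary_form=True)
            return {
                "host": host,
                "tls_version": tls.version(),
                "chain_verified": multi_tenant,
                "days_left": days_until(cert["notAfter"]) if cert else None,
                "sha256": hashlib.sha256(der).hexdigest(),
            }

if __name__ == "__main__":
    # Host taken from the page's example Provider URL; needs network access.
    print(check_ldaps("ldaps://ldaps.hostedftp.com:636"))
```

Run it from a host whose IP address is allowed through the Active Directory firewall; from any other address the connection is expected to time out once secure LDAP access has been locked down.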