Authentication Across Trusted Active Directory Domains in Ignition

Christian_Michiels · August 5, 2024, 1:04pm

I have two Active Directory (AD) domains with a two-way trust relationship. My goal is to authenticate users from Domain A while Ignitions LDAP settings are configured for domain B.

Scenario:

Domain A: Some users are located here.
Domain B: Ignition LDAP configuration points here.
Trust Relationship: Two-way trust between Domain A and Domain B.

Question:
Is it possible to authenticate users from Domain A to Domain B using Ignition's AD authentication? If so, could you provide guidance or best practices on how to configure this setup within Ignition?

Any insights, documentation, or examples would be greatly appreciated!

Thank you in advance for your help.

michael.flagler · August 5, 2024, 8:04pm

I'm curious about this as well. In digging, nested groups is coming supposedly in 8.3, but I'm playing with domain trusts now and haven't gotten it to work, but figured I was maybe missing something. Seems that even if I suffix the user with the trusted domain name, it still doesn't work.

Ideally, local groups in the configured domain could have users from the trusted domain and the configured domain that allows users from either to log into the system. Hoping someone chimes in on suggestions or if this just doesn't work (in which case I'm going to have bad news for our client).

Christian_Michiels · August 20, 2024, 5:55pm

Bumping looking for some clarification.