Showing results for 
Search instead for 
Do you mean 

How to setup Windows Active Directory User for Apollo 2018, 2020

by Technical Evangelist ‎04-12-2018 11:43 AM - edited ‎03-25-2020 09:11 AM (757 Views)

Aollo 16.5(2018) supports Windows Authentication Integration, so Apollo will access Windows Active Directory to search user details, and grant Apollo user permission to Apollo. 

The domain user who need to access data manager need to be in esp_administrator or esp_data_manager group. User can use net command or Microsoft Network tool to search if user is part of esp_administrator or esp_data_manager group.



esp_administrator and esp_data_manager are the minimum group that should be Active Directory. esp_consumer group is optional, and for Apollo 2019 release there will be esp_clip_zip_ship group to give adminsitrators more control over who can/cannot perform download and CZS operations.  Furthermore, esp_data_analyst is reserved for future use and esp_anonymous is not applicable to Windows authentication.


[method 1]  User can use the following command line to check if user is already part of esp_administrator or esp_data_manager group.


>net group "esp_administrator" /DOMAIN



>net group "esp_data_manager" /DOMAIN

For example, the following screen shows the user "hqu" is already in esp_administrator and esp_data_manager group:



[method 2] Another way to search is to use Windows Network tool to add user account to esp_administrator or esp_data_manager group.

Click on Network, and then click "Search Active Directory"




From "Find Users, contacts, and Groups" dialog, search "esp_administrator"



Double click on "esp_administrator", and check all the member in the group.


If you are not in the group, then ask IT to add your account to esp_administrator or esp_data_manager group @ company Active directory.



When user configure Apollo 2018, there are two places user need to specify domain user account:

[place 1] When choose "Windows authentication relies on user details stored in Windows Active Directory", user need to specify domain user account in "Apollo System Username" and "Apollo System Password".



[place 2] When setup service impersonation, user need to choose "Custom" and then specify domain user account once again. This account will give permission to Apollo tomcat service and related IIS services (e.g., Apollo essential, decoder services...)




When user login to Apollo data manager, user can check "Use Windows authentication". In this way, authenticated domain user will automatically logged into Apollo data manager, and Apollo portal.