The AD/LDAP module, version 11.5.0 or higher, is required for NTLM authorization in Bitrix Site Manager and Bitrix24 Self-hosted.
Once enabled and set up, NTLM authorization works as follows:
- An unauthorized user who comes to the project is redirected by the event handler to an open Apache port (8890 for HTTP or 8891 for HTTPS);
- Apache performs NTLM authorization of the user, and the user is redirected back to port 80 or 443 (for HTTP and HTTPS, respectively);
- The user's subsequent hits are processed normally.
Let us consider the setup procedure for Bitrix24 Self-hosted.
User NTLM Authorization Setup in Bitrix24 Self-hosted
- During installation, select the Allow Active Directory users to authorize in portal option in the Wizard.
- Next, enter the AD domain connection settings and check the connection.
- Map the AD groups to the corporate portal groups.
Bitrix24 is now ready to use NTLM authorization. The next step is to set up the virtual machine.
If NTLM authorization is to be set up for the company's local network while employees who work with the portal are required to use standard authorization, the range of IP addresses for which NTLM authorization is necessary must additionally be specified in the AD/LDAP module settings, in the option Restrict NTLM redirection to this subnet (for example, 192.168.0.1/24).
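A Python model of the redirect decision described in the flow at the top of the page and in the subnet restriction above, as an added example that is not Bitrix code. The function names, the host portal.example.local and the treatment of an empty setting as "no restriction" are assumptions.

```python
import ipaddress
from urllib.parse import urlsplit, urlunsplit

# Ports taken from the page: the Apache NTLM listener for each scheme.
NTLM_PORTS = {"http": 8890, "https": 8891}


def parse_subnet(value):
    """Parse the 'Restrict NTLM redirection to this subnet' value.

    The page's example, 192.168.0.1/24, has host bits set, so strict
    parsing would reject it; strict=False normalises it to 192.168.0.0/24.
    An empty value means no restriction (assumption of this model).
    """
    value = value.strip()
    return ipaddress.ip_network(value, strict=False) if value else None


def ntlm_redirect(url, client_ip, authorized, subnet_setting=""):
    """Return the NTLM-port URL to redirect to, or None for standard login."""
    if authorized:
        return None  # already authorized: later hits proceed normally
    parts = urlsplit(url)
    port = NTLM_PORTS.get(parts.scheme)
    if port is None or parts.hostname is None:
        return None
    subnet = parse_subnet(subnet_setting)
    if subnet is not None:
        try:
            addr = ipaddress.ip_address(client_ip)
        except ValueError:
            return None  # unparsable client address: use the standard form
        if addr.version != subnet.version or addr not in subnet:
            return None  # outside the configured range: no NTLM redirect
    return urlunsplit((parts.scheme, f"{parts.hostname}:{port}",
                       parts.path, parts.query, ""))
```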
User NTLM Authorization Setup in Bitrix Virtual Appliance
To set up the virtual machine, connect to it as the root user, select the menu option 15. NTLM authentication, and enter the necessary data.
After you confirm that the data entered are correct, the Wizard sets up and starts all the necessary services and joins the virtual machine to the domain.
The following command may be used to check that the computer has been successfully joined to the domain:
net ads testjoin
The setup is complete. The next step is to check browser settings to ensure successful NTLM authorization.
NTLM Authorization Setup in Browsers
- Internet Explorer:
For NTLM authorization to succeed, the web server must be located in the Local Intranet zone (add it there if necessary).
- Mozilla Firefox:
Add the web server to the list of trusted URIs for automatic NTLM authorization, using the network.automatic-ntlm-auth.trusted-uris parameter on the about:config page in Firefox.
Note: The procedure for enabling NTLM authorization in an already installed Bitrix24 product, and also in Bitrix Site Manager, is the same as that described above, except that the Active Directory server must be added manually in the administrative section.