Hero_Flow User Authentication

Hero_Flow uses Lightweight Directory Access Protocol (LDAP/LDAPS) and Active Directory (AD) as authentication systems for identifying users.

When LDAP/AD authentication is enabled, the default admin authentication, the Hero_Flow’s user list, and the Hero_Cloud authentication are deactivated. Users in Hero_Flow that logged in with the default authentication are immediately logged out when LDAP/AD is enabled. 

If LDAP/AD authentication is disabled in the Hero_Flow settings, those default authentication systems are reactivated.

Configure User Authentication

To configure user authentication:

  1. Open Hero_Flow.
  2. Navigate to the Administration overview page from the menu on the left of the screen in Hero_Flow.
  3. Click LDAP(S)/Active directory.
  4. Enter your authentication system settings.

    • Check the box to enable LDAP/AD authentication in Hero_Flow
    • Select an encryption method:
      • None
      • LDAPS
    • Enter the authentication server address and port number.
      • Example: <server>:<port>
    • Enter the distinguished name (DN) of a user with rights to query the Active Directory/LDAP tree.
    • Enter the password.
    • Enter the user search base (base DN)
      • The user search base is where the search begins in the Active Directory hierarchical structure for user account entries.
    • Enter the user name attribute. 
      • The user name attribute does not need to be an RDN (primary key in the subtree). Any attribute that matches the login name and unique identifier. 
    • Select the role query option:
      • No query, use default roles.
        • If the role query is off, all mapped user(s) have access to the Hero_Flow Administration tab.
      • Query from LDAP server.
        • Enter the search base.
        • Enter the search filter.
          • Use the search filter to substitute the login name / DN of a user.
            • Example: (&{objectClass=groupOfUniqueNames)(UniqueMemberName={0}))
        • Enter the role attribute.
        • Select a role query substitution.
          • Login name
          • Full DN

  5. After entering the configuration settings, click Test authentication settings.
  6. Enter the name and password for a user (The user must be an "admin" in Hero_Flow.) in your authentication directory and click Test.
  7. If the user can be authenticated, a message appears at the top of the screen that says Authentication successful.
  8. Click OK to enable the authentication directory.