ADC Installation Requirements

Download our handy ADC checklist at the bottom of this page!

The ADC is installed on a server within your network. It is neither necessary nor recommended for this server to be a domain controller.

When supporting seamless SSO, the ADC acts as a local, self-hosted web app server. This server must support HTTPS, so a valid SSL/TLS certificate is required; this is covered in detail later in this document.

This server must be able to connect to the My1Login cloud services (https://app.my1login.com), and its hostname must be resolvable by, and its custom port reachable from, all users within the enterprise.

1.1  ADC Server Software

These following items need to be installed on the server that hosts the AD Connector:

  1. Server Operating System, Windows Server 2012 or later
  2. .NET Framework 4.8, or later

1.2  ADC Service User

The ADC is a Windows service that runs as an AD user. It is recommended that a dedicated service user be created for the ADC.

If using ADSSPR, it is necessary that the service user has domain admin permissions.

1.3  ADC Server Networking Requirements

The ADC must be able to connect to your company’s sub-domain under my1login.com (e.g. https://mycompany.my1login.com) over port 443 and be able to connect to https://messaging.my1login.com and https://msg.my1login.com over the same port (443).

To support seamless SSO within the enterprise, your users’ browsers must be able to connect to the ADC’s self-hosted app server.  This app server runs on a custom port (default 47810) and it must be bound to a valid certificate whose subject matches the hostname of the server.

The ADC is proxy aware and works with most authenticating and non-authenticating proxies.  However, the configuration in your enterprise may be such that rules have to be added to allow direct connection to the my1login.com domain.

Some sites require that the my1login.com domain is added to the Trusted Sites zone in Internet Options.

1.4  Server Time

My1Login’s web service calls use an HMAC scheme to help protect against malicious use. This scheme requires that the clocks on the client servers / PCs and the My1Login servers are no more than 5 minutes adrift.

The ADC management UI shows this time difference.

1.5  Web Configuration Details

You will need the following information to hand to configure the web app for the ADC:

  1. The hostname of the server the ADC will be installed on
  2. The port that you wish the ADC app server to run against (47810 is our default value)
  3. Domain controller hostname
  4. Domain name
  5. BaseDN of the domain
    1. Normally just the domain name with “DC=” before each part
    2. E.g. for domain dev.my1login the BaseDN is DC=dev,DC=my1login
  6. The DN(s) of the roots of the tree(s) you wish to sync with My1Login.
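The following PowerShell script is an added example, not part of the My1Login documentation or the ADC itself. It runs the pre-install checks described in sections 1.3, 1.4 and 1.5 on the intended ADC host: outbound HTTPS to the My1Login hosts on port 443, resolution of and reachability on the ADC's custom port, the subject of the certificate bound to that port, clock skew against the My1Login server's HTTP Date header (the 5-minute HMAC window), and the BaseDN derived from the domain name with an LDAP bind to confirm it. The tenant host name and port are placeholders; that https://app.my1login.com answers a HEAD request with a Date header is an assumption.

```powershell
# Added example (not My1Login's own code): ADC pre-install checks.
# Run in an elevated PowerShell session on the server that will host the ADC.
param(
    [string]$TenantHost = 'mycompany.my1login.com',   # placeholder: your tenant sub-domain
    [int]$AdcPort       = 47810,                      # default ADC app server port
    [string]$DomainName = $env:USERDNSDOMAIN          # e.g. dev.my1login
)

$results = [ordered]@{}

# 1.3: outbound HTTPS (443) to the My1Login cloud services
foreach ($h in @($TenantHost, 'app.my1login.com', 'messaging.my1login.com', 'msg.my1login.com')) {
    $t = Test-NetConnection -ComputerName $h -Port 443 -WarningAction SilentlyContinue
    $results["tcp443:$h"] = $t.TcpTestSucceeded
}

# 1.3: the ADC hostname must resolve, and the custom port must be reachable
$fqdn = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName
$results["resolves:$fqdn"] = [bool](Resolve-DnsName -Name $fqdn -ErrorAction SilentlyContinue)
$t = Test-NetConnection -ComputerName $fqdn -Port $AdcPort -WarningAction SilentlyContinue
$results["tcp${AdcPort}:$fqdn"] = $t.TcpTestSucceeded

# 1.3: certificate bound to the ADC port must have a subject/SAN matching the hostname
$binding = (netsh http show sslcert ipport=0.0.0.0:$AdcPort 2>$null) | Out-String
if ($binding -match 'Certificate Hash\s*:\s*([0-9a-fA-F]{40})') {
    $cert = Get-ChildItem -Path Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq $Matches[1] }
    $subjectOk = $cert -and ($cert.Subject -match ('CN=' + [regex]::Escape($fqdn)))
    $sanOk     = $cert -and ($cert.DnsNameList.Unicode -contains $fqdn)
    $results["cert-matches-host:$fqdn"] = [bool]($subjectOk -or $sanOk)
    $results["cert-not-expired"]        = [bool]($cert -and $cert.NotAfter -gt (Get-Date))
} else {
    $results["sslcert-bound:$AdcPort"] = $false
}

# 1.4: clock skew against the My1Login server's Date header (HMAC window is 5 minutes)
try {
    $resp = Invoke-WebRequest -Uri 'https://app.my1login.com' -Method Head -UseBasicParsing
    $serverTime = [DateTimeOffset]::Parse("$($resp.Headers['Date'])")   # RFC 1123 date
    $skewMin = [math]::Abs(([DateTimeOffset]::UtcNow - $serverTime).TotalMinutes)
    $results['clock-skew-minutes']   = [math]::Round($skewMin, 2)
    $results['clock-skew-under-5min'] = $skewMin -lt 5
} catch {
    $results['clock-skew-under-5min'] = "unknown: $($_.Exception.Message)"
}

# 1.5: BaseDN is the domain name with DC= before each label (dev.my1login -> DC=dev,DC=my1login)
$baseDn = 'DC=' + (($DomainName -split '\.') -join ',DC=')
$results['baseDN'] = $baseDn
try {
    # bind to the BaseDN with the current credentials to prove it exists and is reachable
    $results['baseDN-binds'] = ([ADSI]"LDAP://$baseDn").distinguishedName -eq $baseDn
} catch {
    $results['baseDN-binds'] = $false
}

$results.GetEnumerator() | Format-Table -AutoSize
```

Any `False` row points at the section whose requirement is not yet met; the clock-skew row is worth re-running after the server has synchronised with its time source, since a drift close to 5 minutes will still intermittently fail HMAC-protected calls.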

1.6 Domain Controller Prerequisites

On the Domain Controller:
  1. To create a valid, local certificate, the domain controller must be running AD Certificate Services (or you have an alternative way of creating valid domain certificates).

1.7  .NET Framework connectionManagement option

By default, .NET allows only 2 concurrent TCP connections to the same host. This limits the number of users who can log in per second through the ADC. The following Microsoft page gives more information on this setting.

https://docs.microsoft.com/en-us/dotnet/framework/configure-apps/file-schema/network/add-element-for-connectionmanagement-network-settings


Here is a suggested formula to figure out if you need to increase the number of connections required for users to login:

maxconnection = ((Estimated number of logins per second) x (10)) / (Number of ADC machines)


1.7.1 Changing the maxconnection setting value

The file where this option can be set is in the following file directory on your server:

C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\machine.config

You can add the following to change the max number of connections:

  <system.net>
    <connectionManagement>
      <add address="https://*.my1login.com" maxconnection="the number you require" />
    </connectionManagement>
  </system.net>

Where “the number you require” equals the number from the maxconnection formula you used above.
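The PowerShell script below is an added example, not My1Login's own tooling. It applies the section 1.7 formula and writes the resulting maxconnection value into machine.config as an `add` element under `system.net/connectionManagement`, creating the parent elements only if they are missing and updating an existing entry for the same address rather than duplicating it. It backs the file up first, because machine.config is read by every .NET Framework process on the server. The logins-per-second estimate and ADC count are placeholders; the address string is the one from the snippet above.

```powershell
# Added example (not My1Login's own code): set connectionManagement/maxconnection in machine.config.
# Run in an elevated PowerShell session on the ADC server.
param(
    [int]$LoginsPerSecond = 5,   # placeholder: your estimated peak logins per second
    [int]$AdcMachines     = 1,   # number of ADC servers sharing the load
    [string]$Address      = 'https://*.my1login.com',
    [string]$ConfigPath   = 'C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\machine.config'
)

# maxconnection = ((Estimated number of logins per second) x (10)) / (Number of ADC machines)
$maxConnection = [int][math]::Ceiling(($LoginsPerSecond * 10) / $AdcMachines)
if ($maxConnection -lt 2) { $maxConnection = 2 }   # never go below the .NET default

# timestamped backup before touching a machine-wide configuration file
$backup = "$ConfigPath.$(Get-Date -Format 'yyyyMMddHHmmss').bak"
Copy-Item -Path $ConfigPath -Destination $backup

# load with whitespace preserved so the rest of the file keeps its formatting
$cfg = New-Object System.Xml.XmlDocument
$cfg.PreserveWhitespace = $true
$cfg.Load($ConfigPath)
$root = $cfg.DocumentElement   # <configuration>

# find-or-create <system.net> and <connectionManagement>
$sysNet = $root.SelectSingleNode('system.net')
if (-not $sysNet) { $sysNet = $root.AppendChild($cfg.CreateElement('system.net')) }
$cm = $sysNet.SelectSingleNode('connectionManagement')
if (-not $cm) { $cm = $sysNet.AppendChild($cfg.CreateElement('connectionManagement')) }

# update an existing <add> for this address, or create one
$add = $cm.SelectSingleNode("add[@address='$Address']")
if (-not $add) {
    $add = $cm.AppendChild($cfg.CreateElement('add'))
    $add.SetAttribute('address', $Address)
}
$add.SetAttribute('maxconnection', "$maxConnection")
$cfg.Save($ConfigPath)

# verify by re-reading the file
$check = New-Object System.Xml.XmlDocument
$check.Load($ConfigPath)
$applied = $check.SelectSingleNode("/configuration/system.net/connectionManagement/add[@address='$Address']")
Write-Output ("maxconnection for {0} is now {1} (backup: {2})" -f $Address, $applied.GetAttribute('maxconnection'), $backup)
```

The path above is the 32-bit Framework directory given in this document; a 64-bit .NET process reads the copy under `Framework64` instead, so apply the change to whichever copy matches the ADC process. The setting is read at process start, so restart the ADC service afterwards.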
