---
title: "On-Premises Active Directory"
slug: "360023405554-on-premises-active-directory"
tags: ["Enterprise", "Essentials", "Premium"]
updated: 2026-04-07T09:00:17Z
published: 2026-04-07T09:00:17Z
canonical: "support.perimeter81.com/360023405554-on-premises-active-directory"
---

# On-Premises Active Directory

## Introduction

You can integrate Check Point SASE with Active Directory/LDAP through the Active Directory/LDAP connector installed on your network. The connector serves as a bridge between Active Directory and the Check Point SASE service.

![](https://cdn.document360.io/44667c0c-50d7-412a-acbd-20d4a41c952e/Images/Documentation/image-1774353904504.png)

> Note - For high availability and load balancing, install multiple connector instances. All connections are outbound to Check Point SASE, so firewall changes are generally unnecessary.

## Enabling Active Directory/LDAP Connection

1. Access the Check Point SASE Administrator Portal and click **Settings** > **Identity Providers**.

The **Identity Providers** page opens. ![](https://cdn.document360.io/44667c0c-50d7-412a-acbd-20d4a41c952e/Images/Documentation/image-1774354213103.png)
2. Click **Add Provider**.

![](https://cdn.document360.io/44667c0c-50d7-412a-acbd-20d4a41c952e/Images/Documentation/image-1774354281111.png)
3. Select **Active Directory / LDAP**.
4. Click **Continue**.

![](https://cdn.document360.io/44667c0c-50d7-412a-acbd-20d4a41c952e/Images/Documentation/image-1774354390216.png)
5. In the **List of domain names** field, enter the domain name that is allowed to log in through the Active Directory/LDAP connection. For example, quantumsase.com.
6. To find your domain name:
  1. Open **Control Panel** on your computer.
  2. Go to **System and Security** > **System** > **Advanced system settings**.

The **System Properties** window appears.
  3. Go to the **Computer Name** tab to find your domain name.
7. Click **Done**. The **Edit Active Directory / LDAP connection** window appears. ![](https://cdn.document360.io/44667c0c-50d7-412a-acbd-20d4a41c952e/Images/Documentation/image-1774444641254.png)
8. To copy the **Ticket URL**, click **Copy Link**.

This Ticket URL is required when you are [linking to Harmony SASE](/v1/docs/360023405554-on-premises-active-directory#link-to-harmony-sase).
9. Click **Install Windows Agent** and follow the instructions to download the **Auth0 Active Directory/LDAP Connector for Windows** file. See [Download the Installer](https://github.com/auth0/ad-ldap-connector). The MSI file downloads.
10. Locate the downloaded MSI file, run the installer, and follow the instructions. ![httpsfilesreadmeioe8cac20-adldap-connector-setup.png](https://cdn.document360.io/44667c0c-50d7-412a-acbd-20d4a41c952e/Images/Documentation/httpsfilesreadmeioe8cac20-adldap-connector-setup.png)

> Note - The connector can be installed on an existing server, even a Domain Controller. However, more often it is installed on virtual machines provisioned just for the Connector.

The AD/LDAP connector is installed as a Windows Service. ![httpsfilesreadmeiof4f68ba-adldap-connector-services.png](https://cdn.document360.io/44667c0c-50d7-412a-acbd-20d4a41c952e/Images/Documentation/httpsfilesreadmeiof4f68ba-adldap-connector-services.png) The Auth0 window appears once the installation is complete. ![httpsfilesreadmeioe2e4ac9-adldap-connector-admin-ticket.png](https://cdn.document360.io/44667c0c-50d7-412a-acbd-20d4a41c952e/Images/Documentation/httpsfilesreadmeioe2e4ac9-adldap-connector-admin-ticket.png)

## Link to Check Point SASE and LDAP

1. To link Check Point SASE:
  1. In the **Ticket URL** field, enter the URL. See step 8 in [Enabling Active Directory/LDAP Connection](/v1/docs/360023405554-on-premises-active-directory#enabling-active-directoryldap-connection).
  2. Click **Continue**. ![httpsfilesreadmeioe2e4ac9-adldap-connector-admin-ticket.png](https://cdn.document360.io/44667c0c-50d7-412a-acbd-20d4a41c952e/Images/Documentation/httpsfilesreadmeioe2e4ac9-adldap-connector-admin-ticket.png)

> Note - If you receive an **Unable to get local issuer certificate** error message, set the environment variable `NODE_TLS_REJECT_UNAUTHORIZED` to 0 in your Windows system, and then restart the two Auth0 services. For more information, see [Creating and Modifying Environment Variable in Windows](https://docs.oracle.com/cd/E83411_01/OREAD/creating-and-modifying-environment-variables-on-windows.htm#OREAD158).
2. To link LDAP, enter these:
  1. **LDAP Connection String** - Domain name or IP address of your LDAP server. For example, `ldap://<my company>.com/`

> **Note** - Your LDAP server is the local domain controller where Active Directory is installed. The protocol can be either LDAP or LDAPS. To use LDAPS, make sure that the certificate is valid on the current server.
  2. **Base DN** - Base container for all the queries performed by the connector. For example, `dc=<my company>,dc=com`
  3. **Username** - Full name of the user with administrator rights to perform queries. For example, `cn=<domain name>,dc=<my company>,dc=com`
  4. **Password** - Password of the user. ![httpsfilesreadmeio0e711ac-adldap-connector-admin-settings.png](https://cdn.document360.io/44667c0c-50d7-412a-acbd-20d4a41c952e/Images/Documentation/httpsfilesreadmeio0e711ac-adldap-connector-admin-settings.png)
3. Click **Save**.

The connector performs a series of tests. Make sure all test results appear as **OK**. ![httpsfilesreadmeio1dbed76-adldap-connector-admin-settings-ok.png](https://cdn.document360.io/44667c0c-50d7-412a-acbd-20d4a41c952e/Images/Documentation/httpsfilesreadmeio1dbed76-adldap-connector-admin-settings-ok.png)
4. Find the AD/LDAP connector's config.json file in this location: `C:\Program Files (x86)\Auth0\AD LDAP Connector`
5. Open the config.json file in a text editor and add this after the second line: `"LDAP_USER_BY_NAME": "(mail={0})",`

![360008228339ScreenShot2020-01-21at145845.png](https://cdn.document360.io/44667c0c-50d7-412a-acbd-20d4a41c952e/Images/Documentation/360008228339ScreenShot2020-01-21at145845.png)
6. Go to **File** and then click **Save** to save the config.json file.
7. Go to **Properties** > **General**.

![](https://cdn.document360.io/44667c0c-50d7-412a-acbd-20d4a41c952e/Images/Documentation/image-E9839RRT.png)
8. In the **First name** field, enter the user name.
9. In the **E-mail** field, enter the email id of the user.
10. Click **OK**.
11. Restart the AD/LDAP Connector service.

![360008229359mceclip2.png](https://cdn.document360.io/44667c0c-50d7-412a-acbd-20d4a41c952e/Images/Documentation/360008229359mceclip2.png)
12. To block unauthenticated LDAP bind requests, which prevents unauthorized access to directory information and protects sensitive data from potential exploitation:
  1. Open **ADSI Edit** (press Win + R, type `adsiedit.msc`, and press **Enter**).
  2. In **ADSI Edit**, right-click on **ADSI Edit** at the top of the left navigation pane and select **Connect to**.
  3. Under **Select a well known Naming Context**, select **Configuration**, and click **OK**.
  4. In the left navigation pane, expand **Configuration** > **Services** > **Windows NT**.

![](https://cdn.document360.io/44667c0c-50d7-412a-acbd-20d4a41c952e/Images/Documentation/image-WL3XCUAB.png)
  5. Right-click **CN=Directory Service** and select **Properties**.
  6. In the **Attributes Editor** list, scroll down and locate **msDS-Other-Settings**, and double-click it.
  7. In the **Value to add** field, enter `DenyUnauthenticatedBind=1` and click **Add**.
  8. Click **OK** to save your changes, then click **Apply** and **OK** to close Properties.
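
The settings made in the steps above can be read back with a short, read-only PowerShell check. This is an added example, not code from Check Point or Auth0. It assumes the RSAT ActiveDirectory module on a domain-joined machine, and that `{0}` in `LDAP_USER_BY_NAME` is replaced with the name the user signs in with; the function names are hypothetical.

```powershell
# Added example: read-only checks for the settings made in the steps above.
# Function names are hypothetical; the path, key and attribute names are from this page.
Import-Module ActiveDirectory   # RSAT Active Directory module

function Test-DenyUnauthenticatedBind {
    # msDS-Other-Settings is on CN=Directory Service in the Configuration partition.
    $configNc = (Get-ADRootDSE).configurationNamingContext
    $dn = "CN=Directory Service,CN=Windows NT,CN=Services,$configNc"
    $svc = Get-ADObject -Identity $dn -Properties 'msDS-Other-Settings'
    return [bool]($svc.'msDS-Other-Settings' -contains 'DenyUnauthenticatedBind=1')
}

function Get-ConnectorUserFilter {
    param([string]$Path = 'C:\Program Files (x86)\Auth0\AD LDAP Connector\config.json')
    # Returns the LDAP_USER_BY_NAME value, or $null if the key was not added.
    (Get-Content -LiteralPath $Path -Raw | ConvertFrom-Json).LDAP_USER_BY_NAME
}

function Get-MailLookupGaps {
    # Assumption: with the filter (mail={0}) the sign-in name is matched against
    # the mail attribute, so an enabled user with no E-mail value matches nothing
    # and a shared E-mail value matches more than one account.
    $users = Get-ADUser -LDAPFilter '(&(objectCategory=person)(objectClass=user))' -Properties mail |
        Where-Object Enabled
    [pscustomobject]@{
        MissingMail   = @($users | Where-Object { -not $_.mail } | ForEach-Object SamAccountName)
        DuplicateMail = @($users | Where-Object { $_.mail } | Group-Object mail |
                          Where-Object Count -gt 1 | ForEach-Object Name)
    }
}

$gaps = Get-MailLookupGaps
[pscustomobject]@{
    DenyUnauthenticatedBind   = Test-DenyUnauthenticatedBind
    UserFilter                = Get-ConnectorUserFilter
    # '0' here means TLS certificate validation is off for Node.js processes that inherit it.
    NodeTlsRejectUnauthorized = [Environment]::GetEnvironmentVariable('NODE_TLS_REJECT_UNAUTHORIZED', 'Machine')
    UsersMissingMail          = $gaps.MissingMail
    DuplicateMailValues       = $gaps.DuplicateMail
} | Format-List
```

Run it on the connector host so the default config.json path resolves; on another machine, pass the file's location to `Get-ConnectorUserFilter -Path`.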
