Use the Authentication tab to select the authentication mode for your Morro account.
The four types of authentication are:
- Morro Users
- Active Directory
- Azure AD (Azure Active Directory)
The default authentication mode is Morro Users.
Some settings from the previous authentication mode can be preserved making it easier to go back to a previous mode if required. If this option is available, you will be prompted when switching to a new security mode.
Morro Users mode uses local user accounts to manage authentication.
Using Morro Users Mode in a Domain environment
Use Active Directory mode to integrate the system into your Active Directory domain. To apply share-level access permissions settings, users must be imported in the Users tab.
Use the chart near the top of the page to check the current domain status for each device in the account. Click Check to verify the domain join status. Click Domain Info for information on the currently joined domain.
The available options are:
- DNS Realm - The fully qualified domain name of the domain.
- NetBIOS Domain Name - The NetBIOS name of the domain.
- Computer OU - The organizational unit to which this device should belong. If you do not specify the Computer OU, the computer account will be created in the default Computers container. For format information, please see the OU Format section below.
- Allow Web Access For - The users allowed to access the Team Portal. The three options are All Domain Users, Users explicitly imported, and Users in specified OU. By default, all AD users can access the Team Portal using a browser or the Morro Connect app. Access can be restricted by specific OUs or by users that are imported into the Morro Data account.
- Account OU - Works with the option "Users in specified OU" from "Allow Web Access For". You may specify multiple OUs separated by semicolons (;).
- Domain Administrator - The domain administrator account.
- Password - The domain administrator password.
Use the Rejoin button in the lower right part of the screen to repeat the AD join process. This can sometimes solve issues with AD integration.
OUs should be entered from top level to bottom without RDUs and a '/' as the level delimiter.
To enter a top-level OU, simply enter the OU name, i.e. "Computers".
An example of a nested OU: If the top-level OU is "Company", and under "Company" is another OU named "Servers", enter "Company/Servers" in the field.
Leading and trailing whitespace characters are not allowed in OU names (Windows also will not allow this).
If the OU contains a '/' or '\' in the name, it must be prefixed with a '\'. For example, if the OU name is "slash/slash\slash", then it must be entered as "slash\/slash\\slash".
In some cases, depending on the Windows server locale setting, browser used, and client PC OS used, '/' may be interpreted as another character (for example, we saw the currency symbol for Japanese Yen or Chinese Yuan in one instance). We recommend avoiding the '/' character when naming OUs.
Use Azure AD mode to integrate the system into your Azure Active Directory domain. To apply share-level access permissions settings, users must be imported in the Users tab.
Note: Users must login to the Team Portal at least once before connecting to shares over SMB.
To switch to Azure AD mode:
- Select Azure AD in the "Change Mode to" selection box.
- Click the "Switch To This Mode" button.
- You will then be prompted for your Microsoft login. Login and accept the requested permissions to complete the process.
Note: The Microsoft account used for login must have the following API permissions:
- Sign in and read user profile
- Read all groups
- Read directory data
- Access user's data anytime
Windows Hello PIN sign-in is not compatible with Azure AD mode and should be disabled.
In the lower right corner of the screen, you will see additional options:
- Rejoin Azure AD - Use this option to repeat the Azure AD join process. This can sometimes solve issues with the Azure AD integration.
- Sync Group Info From Azure AD - Synchronize the group information in your Morro Account with Azure AD.
Use LDAP mode to use an LDAP server for authentication. We recommend using JumpCloud for LDAP as a service.
For more information on JumpCloud integration, see the following article:
The available options are:
- LDAP Server Address - The FQDN of the LDAP server.
- Base DN - The base DN for your organization.
- LDAP Bind DN - The DN of the user account used to connect to LDAP.
- LDAP Bind DN Password - The password for the user account used to connect to LDAP.
- Verify Server Certificate - Check to enable server certificate verification.
At the bottom of the screen, you will see additional options:
- Microsoft 365 Integration (JumpCloud only) - Use this feature to allow SharePoint Sync to use JumpCloud as the identity manager.
- Rejoin - Use this option to repeat the LDAP join process. This can sometimes solve issues with LDAP integration.
- Sync User/Group From Server - Synchronize user and group information in your Morro Account with your LDAP server.