Universal Orchestrator Configuration with Active Directory

Universal Orchestrator Configuration

When you choose Active Directory (AD), the window expands and the Universal Orchestrator Configuration section opens.

  1. Command Agents URL (required):
    Enter the URL of the orchestrator API on the Keyfactor Command server.
    This is the Keyfactor/Agents endpoint, e.g. https://your-server.example.com/Keyfactor/Agents

  2. Orchestrator Name (required):
    Enter the name the orchestrator uses to register in Keyfactor Command.

  3. Log Level:
    Select the logging verbosity level from the drop-down menu.

Active Directory Authentication

  1. Username: Enter the Active Directory username.

  2. Password: Enter the Active Directory password for the account.


Universal Orchestrator Truststore

The orchestrator uses HTTPS to communicate with Keyfactor Command.

By default, the orchestrator does not trust any certificates, not even those
issued by public certificate authorities.
For the TLS connection to succeed, you must explicitly upload the certificate of the
certificate authority that issued the Command server's TLS certificate.

Configuring the Truststore:

  1. Add trusted certificate authorities to specify which certificate authorities the Universal Orchestrator should trust when connecting to Keyfactor Command.

  2. Click Upload Trusted CA.

  3. Upload the CA certificate(s) that signed the Command server’s TLS certificate in PEM format.
    If using an intermediate certificate authority, upload all certificates in the chain.

  4. Click Save to apply the configuration.

  5. The Orchestrator is automatically registered in Command.

  6. Verify the connection in Command by checking the orchestrator status.
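
A pre-upload check for the truststore procedure above, as an added example (not Keyfactor code): it inspects a candidate PEM bundle, then attempts a TLS handshake with the Command server while trusting only that bundle, approximating the empty-by-default truststore. The names inspect_bundle, probe and SAMPLE are hypothetical, and the sample bundle is constructed.

```python
import base64
import re
import socket
import ssl
from urllib.parse import urlsplit

# Illustrative helper names; nothing here is part of the orchestrator itself.
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)

# Constructed sample: placeholder base64 bodies, not real certificates or keys.
SAMPLE = (b"-----BEGIN CERTIFICATE-----\nY29uc3RydWN0ZWQ=\n-----END CERTIFICATE-----\n"
          b"-----BEGIN PRIVATE KEY-----\nY29uc3RydWN0ZWQ=\n-----END PRIVATE KEY-----\n")

def inspect_bundle(data: bytes) -> dict:
    """Classify the PEM blocks in a file intended for 'Upload Trusted CA'."""
    try:
        text = data.decode("ascii")
    except UnicodeDecodeError:
        # Binary input is almost always a DER-encoded certificate, not PEM.
        return {"certificates": 0, "problems": ["not PEM (binary/DER input)"]}
    certs, problems = 0, []
    for label, body in PEM_BLOCK.findall(text):
        if "PRIVATE KEY" in label:
            problems.append("private key present; remove it before uploading")
        elif label == "CERTIFICATE":
            try:
                base64.b64decode("".join(body.split()), validate=True)
                certs += 1
            except ValueError:
                problems.append("certificate block is not valid base64")
        else:
            problems.append(f"unexpected block: {label}")
    if certs == 0 and not problems:
        problems.append("no CERTIFICATE blocks found")
    return {"certificates": certs, "problems": problems}

def probe(agents_url: str, cafile: str) -> str:
    """Handshake with the Command server trusting ONLY the CAs in cafile."""
    parts = urlsplit(agents_url)
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # empty trust store, hostname check on
    ctx.load_verify_locations(cafile=cafile)
    with socket.create_connection((parts.hostname, parts.port or 443), timeout=10) as raw:
        # Raises ssl.SSLCertVerificationError if the server certificate does not
        # chain to a CA in cafile (e.g. a missing intermediate) or the name mismatches.
        with ctx.wrap_socket(raw, server_hostname=parts.hostname) as tls:
            return tls.version()

if __name__ == "__main__":
    print(inspect_bundle(SAMPLE))
```

Run probe() with the Command Agents URL and the bundle path before uploading; a verification error there means the same chain would not validate against the Command server's certificate.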