Notifying users with Active Directory/LDAP accounts

Users with Active Directory/LDAP accounts log in to the admin portal and register devices using their Active Directory/LDAP credentials.

To get Active Directory/LDAP users started with Privileged Access Service, you can send them an invitation or you can provide the following URL to the users and tell them to use their Active Directory/LDAP credentials to log in:

They use the same credentials to register devices.

Simplifying logging in to Privileged Access Service portals for Active Directory/LDAP accounts

Users with Active Directory accounts can log in to the Admin Portal without entering their user name and password from computers that are within your organization’s intranet. For example, you can log in to Admin Portal without entering your credentials by appending the login suffix to the portal’s URL as follows:<loginsuffix>

If you have not yet defined any other login suffixes, you can use the default suffix—your Active Directory account’s UPN suffix. For example, if your domain name is, you would enter the following URL to log in without entering your user name and password:

See How to use login suffixes to learn about login suffixes.

Similarly, users can log in to the Admin Portal by adding the login suffix to their URL. In this case the syntax is as follows:<loginsuffix>

Both of these methods use Integrated Windows Authentication to authenticate the user using their Active Directory credentials and require the user to be on your organizations intranet. You may need to reconfigure the default Integrated Windows Authentication settings and define IP Addresses on your Centrify Connector to use this feature. See How to configure Integrated Windows authentication to configure a Centrify Connector.

You can also define a login suffix as an alias for a long Active Directory/LDAP UPN suffix. See Creating an alias for long Active Directory domain names for the details.