There are a few parameters that need to be defined in the i2b2 Admin if you want to use Active Directory services as your i2b2 authentication method. i2b2 supports NTLMv1, NTLMv2 authentication protocols, and OKTA authentication.
The required parameters are listed in the following tables depending on the type of protocol used.
NTLMv1 authentication:
Parameter Name | Values | Required |
|---|---|---|
authentication_method | NTLM | Yes |
domain | Example: i2b2.org | Yes |
domain_controller | Example: pdc.i2b2.org | Yes |
NTLMv2 authentication:
Parameter Name | Values | Required |
|---|---|---|
authentication_method | NTLM2 | Yes |
domain | Example: i2b2.org | Yes |
domain_controller | Example: pdc.i2b2.org | Yes |
OKTA authentication:
Parameter Name | Values | Required |
|---|---|---|
authentication_method | OKTA | Yes |
domain | Example: i2b2.org | Yes |
domain_controller | Example: pdc.i2b2.org | Yes |
In the i2b2 there are different types of parameters that can be defined.
Individual users log in using Active Directory services
- In this scenario, not all users are affected.
- Only those users who have the parameters defined with being required to use their domain (network) id and password to log into i2b2 Web Client, Workbench, and Admin (if they have access).
- Users who do not have the parameters defined will log in using the standard i2b2 authentication method.
- Type of Parameter: User parameter
- The parameters are defined on the user level.
- User parameters only affect the user in which they are entered on.
Note
For those who are not familiar with the i2b2 Admin, here is a quick note on how to navigate around the pages.
For the most part, the i2b2 Admin is comprised of two panels.
The panel on the left is the Navigation panel and contains a number of items that are displayed in a hierarchical tree. These items are grouped together based on their function. (Manage Hive, Manage Cells, Manage Projects, Manage Users)
The information that displays in the panel on the right is driven by whatever item is selected in the Navigation panel. If you click on Manage Users the Manage Users page will display on the right. If you click on a user name in the Navigation panel the Edit User page will display.
Steps to Setup Active Directory Parameters
Steps to Configure Active Directory / SSO Parameters (Admin Dashboard)
Assumption: You’re already logged into the i2b2 Administration Module (Web Client → Analysis Tools → Admin → Admin Dashboard).
If you’re setting a User-scoped authentication (per user)
Use this when a single user needs a specific auth method or AD settings.
In the Admin Dashboard, open Users (default view). Click the pencil icon next to the user you want to configure.
On the user page, click Parameters (optional).
Click Add to insert a new row. Enter the parameter as follows, then Save.
Parameter Name: authentication_method
- Parameter Data Type: Text
Parameter Value: one of
NTLM (NTLMv1)
NTLM2 (NTLMv2)
OKTA (Okta authentication)
Click Add again and enter your AD domain:
Parameter Name: domain
Parameter Value: YOUR_PDC_DOMAIN
Parameter Data Type: Text
Click Add again and enter your domain controller host/IP:
Parameter Name: domain_controller
Parameter Value: YOUR_NT_IP/HOST_DOMAIN
Parameter Data Type: Text
Verify all new parameters are listed; use the pencil (edit) or trash (delete) icons as needed.
If you’re setting a Hive-wide default (global parameter)
Use this to define a domain-wide default auth method and/or AD settings (users/projects can still have their own parameters).
In the Admin Dashboard, click Hive → Global Parameters (Optional).
Click Add New Parameter, enter the fields below, then Save.
authentication_method (Text) → NTLM / NTLM2 / OKTA
domain (Text) → YOUR_PDC_DOMAIN
domain_controller (Text) → YOUR_NT_IP/HOST_DOMAIN
Use the pencil to edit or trash to remove any global parameter.
.
