# Configure Active Directory Authentication for Wireless Network Access (SSID)

There are two ways to authenticate wireless users against Microsoft Active Directory (AD) with EnGenius Cloud:

* Enable Security Type WPA2/WPA3-Enterprise with AD Authentication.
* Enable Captive Portal for user authentication with Active Directory Server.

## Setup Microsoft Active Directory Server

The steps below show only the important settings. Please refer to Microsoft documentation and support for assistance.

#### To get started:

* Select the **Active Directory Domain Services** role to promote a domain controller in the Server Roles steps.

![​Figure01 -- Select Server Roles](https://files.gitbook.com/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fr74c8q86wddLdQGn0c3J%2Fuploads%2F5G6PftMWhZnReBjOZbix%2FWeb%201920%20%E2%80%93%208.png?alt=media\&token=f14f69ae-2a0e-4fa9-bdd2-1de2bb4c1316)

* Configure access permissions for verifying user credentials.

  * Specify which organizational units and groups the EnGenius AP can access to verify the user’s credentials.
  * Refer to <https://docs.microsoft.com/en-us/windows/security/identity-protection/access-control/active-directory-accounts>

* Create the firewall rules the AP needs to join the domain and authenticate users (ref: <https://docs.microsoft.com/en-us/troubleshoot/windows-server/identity/config-firewall-for-ad-domains-and-trusts>):
  * 88/TCP/UDP Kerberos
  * 389/TCP/UDP LDAP
  * 445/TCP SMB
* Note: The Microsoft Active Directory server must be located in the same VLAN subnet as the AP’s management VLAN interface. Even when VLAN is enabled on the SSID, the AP still sends SMBv1 packets to the Active Directory server via its management VLAN interface.
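
The firewall rules listed above can be created on the domain controller so that they accept traffic only from the AP management subnet. This is an added example, not part of the original EnGenius guide; the subnet `192.0.2.0/24` and the rule group name are placeholders to replace with your own values.

```powershell
# Added example: run in an elevated PowerShell session on the domain controller.
# ASSUMPTION: 192.0.2.0/24 is a placeholder for the AP management VLAN subnet.
$ApMgmtSubnet = '192.0.2.0/24'
$Group        = 'EnGenius AP - AD authentication'   # hypothetical rule group name

# Ports listed in this guide: Kerberos 88 and LDAP 389 (TCP and UDP), SMB 445 (TCP only).
$Rules = @(
    @{ Name = 'Kerberos'; Protocol = 'TCP'; Port = 88  }
    @{ Name = 'Kerberos'; Protocol = 'UDP'; Port = 88  }
    @{ Name = 'LDAP';     Protocol = 'TCP'; Port = 389 }
    @{ Name = 'LDAP';     Protocol = 'UDP'; Port = 389 }
    @{ Name = 'SMB';      Protocol = 'TCP'; Port = 445 }
)

# Re-running the script replaces the group instead of stacking duplicate rules.
Remove-NetFirewallRule -Group $Group -ErrorAction SilentlyContinue

foreach ($r in $Rules) {
    New-NetFirewallRule `
        -DisplayName   "AP AD auth - $($r.Name) $($r.Protocol)/$($r.Port)" `
        -Group         $Group `
        -Direction     Inbound `
        -Action        Allow `
        -Protocol      $r.Protocol `
        -LocalPort     $r.Port `
        -RemoteAddress $ApMgmtSubnet | Out-Null
}

# Review what was created: protocol, port and permitted source for each rule.
Get-NetFirewallRule -Group $Group | ForEach-Object {
    $port = $_ | Get-NetFirewallPortFilter
    $addr = $_ | Get-NetFirewallAddressFilter
    [pscustomobject]@{
        Rule     = $_.DisplayName
        Protocol = $port.Protocol
        Port     = $port.LocalPort
        Source   = $addr.RemoteAddress
    }
} | Format-Table -AutoSize

# The note above says the AP uses SMBv1, so record whether this server accepts it.
Get-SmbServerConfiguration | Select-Object EnableSMB1Protocol, EnableSMB2Protocol
```

An allow rule scoped this way does not restrict other allow rules already present for the same ports, so review existing rules for 88, 389 and 445 as well.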

## WPA2/WPA3-Enterprise with Active Directory Server

Log in to EnGenius Cloud (<https://cloud.engenius.ai>) and click the (hamxxxx) icon to select the Network for configuration.

#### To get started:

* Go to **Configure > SSID** and select a specific SSID name from the list.
* From the Wireless tab, select **WPA2 Enterprise** for Security Type.
* Select **Active Directory** for user authentication.
* Click **Add a server** and enter the configuration (Host, Port, Admin, and Password) for the Active Directory server.
* Click the **Apply** button to save SSID configurations.

![Figure02 -- Enable AD Authentication with WPA2/WPA3](https://2788256466-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-Lo1AtG4HHv3uJq1FqqB%2Fuploads%2FAf2WbWFZB5FVqsZWTUAv%2FWeb%201920%20%E2%80%93%209.png?alt=media\&token=125d9e41-fd7a-4e29-ae4f-6051c905e970)

Note: Authentication with Active Directory is a feature in Pro Plan, and it requires a PRO license to enable it.

## Captive Portal Authentication with Active Directory Server

Log in to EnGenius Cloud (<https://cloud.engenius.ai>) and click the (hamxxxx) icon to select the Network for configuration.

#### To get started:

* Go to **Configure > SSID** and select a specific SSID name from the list.
* From the Wireless tab, set the Security Type to **Open**.
* Enable **Captive Portal** from the Captive Portal tab.
* Select **Active Directory** for Authentication Type.
* Click **Add a server** and enter the configuration (Host, Port, Admin, and Password) for the Active Directory server.
* Click the **Apply** button to save SSID configurations.

Note: Authentication with Active Directory is a feature in Pro Plan, and it requires a PRO license to enable it.

![Figure03 -- SSID list](https://2788256466-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-Lo1AtG4HHv3uJq1FqqB%2Fuploads%2FcB2AueF4mIcmBdX5iARA%2FWeb%201920%20%E2%80%93%2010%20\(1\).png?alt=media\&token=80602d6c-2996-4a3e-aba9-2395db4c8e78)

![Figure04 -- Set the wireless security type](https://2788256466-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-Lo1AtG4HHv3uJq1FqqB%2Fuploads%2FixpXxxgQhzrWwwQdk1qM%2FWeb%201920%20%E2%80%93%2011.png?alt=media\&token=834f8555-d22e-4e31-adaf-95de3ab2cfd8)

![Figure05 -- Enable AD Authentication with Captive Portal](https://2788256466-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-Lo1AtG4HHv3uJq1FqqB%2Fuploads%2FZktjJpzOtH6qNvbZfFqK%2FWeb%201920%20%E2%80%93%2012.png?alt=media\&token=d01d5ce6-489e-4c53-a29e-e57e5b6cf240)
