PMC Authentication Systems: Connecting Microsoft AD and Entra ID

PMC Authentication Systems: Connecting Microsoft AD and Entra ID

Overview

This article helps when an issue arises creating a new Authentication System in PMC (Administration > Authentication > Create). An administrator hits a certificate error during the connection test, or does not see the expected certificate in the CA certificate drop-down.

Environment

  1. NComputing PMC Endpoint Manager
  2. Authentication Systems feature, Server Type: Microsoft Active Directory or Microsoft Entra ID

Cause

For directory connections that validate a TLS/server certificate, PMC requires the relevant CA certificate to be uploaded as a file resource before it appears in the CA certificate drop-down on the Authentication System form. Environments that have configured authentication before often already have several CA certificates on file (per domain or site)

Notes
Note: Read through this document and you will see a drop-down menu in PMC where you can check for an existing Cert before assuming none exist and uploading a duplicate.

Resolution

Step 1: Upload the CA Certificate (if required for your Server Type)

  1. Navigate to Administration > Files. Under Upload File, open the File Type drop-down and select CA certificate in PEM format. Click Browse, select your certificate file, and upload it.

Step 2: Create the Authentication System

Go to Administration > Authentication and click Create. The Create Authentication System dialog has three sections:
  1. General Settings: Server type (Microsoft Active Directory / Microsoft Entra ID), Display name, Enable, Use global MFA settings, Use global security lockdown rules.
  2. Connection Settings: Server URL, Domain name, CA certificate (drop-down), Ignore certificate subject, Test connection.
  3. User Lookup Settings: User lookup base DN, PMC users group DN, Advanced user lookup settings (expandable).


Step 3: Select the CA Certificate and Complete Connection Settings

Select the uploaded certificate from the CA certificate drop-down (Microsoft Active Directory Server Type).

Navigate to Administration > Files.
  1. Under Upload File, open the File Type drop-down list and select CA certificate in PEM format.

  2. Click Browse, select the CA certificate file, and upload it successfully.
  3. Then set:

    • Ignore certificate subject: Enable if the server certificate's Subject CN does not match the server's FQDN.
    • User Lookup Base DN: This must be the DN of an Organizational Unit rather than a group.

Step 4: Test the Connection

Use the "Test connection" link in the dialog. A successful result confirms the certificate and connection parameters are valid but does not by itself grant any user access.

Step 5: Configure Authorization

  1. Navigate to Group Membership Rules.
  2. Map the appropriate Active Directory group to a local PMC group.
  3. Assign the desired User Role (for example, PMC Super User) to grant the appropriate administrative permissions.

Conclusion

Following these steps ensures PMC can successfully connect to your directory service and authenticate users through either Microsoft Active Directory or Microsoft Entra ID. Once the connection test passes and authorization is in place, directory users will have access to PMC.

For any questions, please contact NComputing Support.


Article #KB872

Last Edited: 07/02/2026




    • Related Articles

    • [Release Notes] PMC Endpoint Manager

      NComputing PMC Endpoint Manager Version 4.2.1 Release Notes PRODUCT RELEASE NOTES: NCOMPUTING PMC ENDPOINT MANAGER, VERSIONS 4.2.1 Product: NComputing PMC Endpoint Manager Version: 4.2.1 Supported virtualization environments: VMware ESXi 6.7.0, ...
    • PMC Version 4, Start Guide

      Overview This document based on the release notes of PMC 4.1.1. It covers everything you need to know, in-depth, regarding installation and deployment of PMC. It is always recommended that you use the current release notes of every PMC version that ...
    • LDAP Authentication (NoTouch Center)

      LDAP Authentication (NoTouch Center) NoTouch Center is a tool for system administrators to manage their endpoints. It not only maintains a list of local user accounts, but it also supports user authentication via LDAP using either Microsoft Active ...
    • How Does AD Connection Work with VERDE, LDAP and Domain

      Product Line:  VERDE Verde VDI System Design Guide (Active Directory Connection and Authentication)   This System Design Guide explains the integration of Active Directory with Verde VDI. The following configurations are required for logging into ...
    • LDAP - Active Directory - Global Catalog

      Authenticating users from Active Directory forests (not only from a single domain) is possible in NoTouch Center. The NTC appliance needs to be configured to talk with the Active Directory Global Catalog server then though. The LDAP Server URL in ...