Skip to content

Hybrid Connection

Under the hood Hybrid (Active Directory + Entra ID) uses a Lightweight Directory Access Protocol (LDAP) based authorization. By linking your account with Hire2Retire, you can authorize RoboMQ to perform operations to your Active Directory Domain Controller.

Hire2Retire product supports employee operations of onboarding, updating, termination, rehire and leave in Active Directory. Thus, the user account you use to establish the connection must satisfy one of the following criteria:

  • Belong to the security group "Domain Admin".
  • Set up delegate control of this user under the target Organization Units (OU).

Create Hybrid Connection

Hire2Retire requires the following details to create a connection.

  • Connection Name - A user defined nomenclature for your connection. By default, the connect name is "Connection-Directory Service", you can change the name as per your preferences.
  • Host - The host name is the IP address of your Active Directory Server. User can add more then one host for the same account.
  • Port - The TCP/IP port on which the Active Directory server is listening. Hire2Retire will only establish the LDAP connection with your SSL port. (The default is 636)
  • Base DN - It is a collection of objects that Hire2Retire will access within an Active Directory network. An object can be a single user, a group of users or a hardware component, such as a computer or printer. Each base DN holds a database containing object identity information. It should be given in the format "DC=example-domain,DC=com"
  • Username - The username to access the Active Directory server. Please make sure it belongs to the security group "Domain Admin" and has delegated control to target Organization Units (OU).
  • Password - The Password to access the Active Directory server.

Connection page

Figure 1. Hybrid Connection Set Up Page


Connection page

Figure 2. Hybrid Connection Set Up Page for Multi Domain Controller

If you are configuring a connection with multi-domain controller setup, you can provide host values for each domain controller in your AD along with their respective base DN and port. You can also provide comma separated list of IP/host addresses for each domain controller.

Delegate Control on Active Directory

You can set up the delegated controls (manage user or group) under a specific OU for the service account.

Set up the delegated control on Active Directory

Hybrid with Exchange Online

By linking your Hybrid and Exchange Online account with Hire2Retire, you can authorize RoboMQ to have a delegated access on your behalf to both applications.

Hybrid with Exchange Online Connection set up

Hybrid with Entra ID Services

By linking your Hybrid and Entra ID account with hire2retire, you can authorize RoboMQ to have a delegated access on your behalf to both applications.

Hybrid with Entra ID Connection set up

Hybrid with SharePoint Online

Hybrid with SharePoint Online application on Hire2Retire uses certificate based authorization for authenticating SharePoint Online.

By linking your Hybrid and SharePoint Online account with Hire2Retire, you can authorize RoboMQ to have a delegated access on your behalf to both applications.

Hybrid with SharePoint Online Connection set up