How K2 Applications Authenticate Active Directory Users

Active Directory (AD) users that have been synchronised from an AD server do not have their passwords transferred to the K2 system. Therefore password authentication for AD users is not performed within a K2 application itself. This article describes the process for authenticating synchronised AD users.

How K2 Applications Authenticate Active Directory Users

  1. In the first instance, the K2 application uses the Windows operating system's Local Security Authority (LSA) component. Refer to Microsoft LSA Authentication for more information. This is the same component that is used when you log on to Windows yourself, and it authenticates the entered AD credentials against the Active Directory server. This happens entirely within the Windows operating system and we have no control over it. We just supply the entered credentials to the LSA and wait for a yes or no.

  2. In the event that the LSA fails during authentication, or the Domain Controller cannot be reached, we employ a fallback that uses TCP port 389 (the port used by LDAP) on the Domain Controller, as configured in the BASE Url in the LDAP settings of the Guardian Configuration tool.

How K2 Bedside Portals Authenticate Active Directory Users

When a normal Windows client authenticates against an Active Directory domain, it uses a service called the Local Security Authority (LSA). Since the Portals run a heavily stripped-down embedded version of Windows, they don't have the LSA installed as part of the system, so the Portal uses LDAP to query the Domain Controller instead. Sometimes it is this LDAP traffic that is blocked.


The Portal needs to be able to connect to TCP port 389 (the port used by LDAP) on the Domain Controller used to perform the LDAP import. Where Portals are connected to a wireless network and access rules limit what the Portals can connect to, a rule will need to be added to the access list to allow this connection.
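
To tell a blocked path apart from a Domain Controller that is simply not listening, the following added example (not K2 code) classifies a single TCP connection attempt to port 389. Run it from a machine on the same network segment, and subject to the same access rules, as the Portal. The `ldap://host[:port]/...` form of the base URL, the script name and the function names are assumptions.

```python
import socket
import sys
from urllib.parse import urlsplit

LDAP_PORT = 389  # TCP port the article says must be reachable on the DC


def dc_endpoint(base_url):
    """Return (host, port) from a base URL, assumed to be ldap://host[:port]/..."""
    url = base_url if "://" in base_url else "ldap://" + base_url
    parts = urlsplit(url)
    if not parts.hostname:
        raise ValueError(f"no host in base URL: {base_url!r}")
    return parts.hostname, parts.port or LDAP_PORT


def probe(host, port=LDAP_PORT, timeout=3.0):
    """Classify one TCP connection attempt as (state, detail).

    open     - handshake completed; the path to the LDAP port is clear
    refused  - the host (or a rejecting firewall) answered with a reset
    filtered - no answer before the timeout; typical of an access rule
               that silently drops the traffic
    error    - name resolution or routing failure; see detail
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open", ""
    except ConnectionRefusedError:
        return "refused", ""
    except socket.timeout:
        return "filtered", ""
    except OSError as exc:
        return "error", str(exc)


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: check_ldap_path.py <base-url-or-host>")
    host, port = dc_endpoint(sys.argv[1])
    state, detail = probe(host, port)
    print(f"{host}:{port} -> {state} {detail}".rstrip())
    sys.exit(0 if state == "open" else 1)
```

A `filtered` result from the Portal's segment alongside `open` from an unrestricted segment points at the access list rather than at the Domain Controller.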
