Skip to main content

Login with AD credentials

Users who have been imported or synchronized from a private Active Directory (AD) into oneclick™ can log in with their AD credentials.

Which login is used?

If a user was imported from an Active Directory, login is performed by default using AD credentials. A login with a oneclick™ password is only possible if the “Allow login with password” policy is enabled.


As soon as a user has been imported from an Active Directory into oneclick™ or synchronized is completed, login with AD credentials is automatically possible.

No additional policy is required for this login.

Login is performed using:

  • the email address transferred during import from the Active Directory

  • the AD password
    The password input field on the login page remains the same – AD users enter their AD password here.

Authentication source

oneclick™ recognizes based on the user account whether a user originates from a connected Active Directory.
In this case, the entered password is automatically validated against the Active Directory.


Login with oneclick™ password

Login with a oneclick™ password is only possible if the “Allow login with password” policy is enabled. If the policy is disabled, the entered password is validated exclusively against the Active Directory.

Password change in the oneclick™ portal

Users can change or reset their oneclick™ password in the portal. A change of the oneclick™ password:

  • has no effect on login with AD credentials
  • does not affect authentication against the Active Directory

Impact of the “Allow login with password” policy

The “Allow login with password” policy exclusively controls whether the oneclick™ password may be used for login.
It has no effect on login with AD credentials.
Further information on configuration can be found in the article “Policies”.

Policy disabled

  • login only with AD credentials
  • the oneclick™ password is not used

Policy enabled

  • login with oneclick™ password possible
  • login with AD credentials still possible

Best practice for user licenses

A clear separation of user licenses is recommended.

oneclick™ users (e.g. administrators)

Recommended configuration:

These users log in with a oneclick™ user account.

AD users (synchronized users)

Recommended configuration:

  • disable the “Allow login with password” policy
    Even with the policy disabled, login with AD credentials is still possible, as these are processed independently of the policy.
  • optionally two-factor authentication

Login is performed exclusively via AD credentials.

Access control

This configuration prevents users from additionally setting a oneclick™ password and thereby creating alternative login methods.

If users cannot log in

If users cannot log in despite correct AD credentials, check the Active Directory synchronization as well as the assigned user license.