By default, multi-tenant installations do not allow integration with Active Directory. To enable Active Directory authentication for logging into the SurePassID portal and to import Active Directory users into SurePassID, turn on this setting.
In the MFA Server's web.config, add this key:
<add key="System.AllowADImportForMultiTenant" value="TRUE"/>
Make sure to insert it in the appropriate section of the web.config file, as demonstrated below:
<!-- SYSTEM: Find User Authentication settings -->
<add key="Server.AllowEmailAsAccountAlias" value="TRUE"/>
<add key="Server.AllowLoginSSoName" value="TRUE"/>
<add key="System.AllowADImportForMultiTenant" value="TRUE"/>
Ensure that your SurePassID version is 24.2_06032025 or later. If your installation is older, you can download the latest patch (at the time of writing) from the link below.
https://downloads.surepassid.com/patches/SP_PATCH_SPAS_24_2_06032025.zip
For detailed instructions on how to apply the patch, please refer to this article.
https://support.surepassid.com/how-to-apply-a-patch-to-the-on-prem-spas-system
Once you have successfully applied the patch, log back into the portal. You will find the option to configure Active Directory (AD) and Lightweight Directory Access Protocol (LDAP) in the tenant settings for user authentication, along with the ability to import users directly from Active Directory.
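To confirm that the key added in the web.config step is live (not commented out, duplicated, or set to another value), the following check can be run on the MFA Server. It is an added example, not SurePassID's own tooling; the function name `Get-ADImportSetting`, the `<configuration><appSettings>` location, and the case-insensitive reading of `TRUE` are assumptions, and the sample XML is constructed.

```powershell
# Added example: report the state of the multi-tenant AD import switch in a web.config.
# Assumption: the <add key="..." value="..."/> entries sit under <configuration><appSettings>.
function Get-ADImportSetting {
    param([Parameter(Mandatory)][xml]$Config)

    $key = 'System.AllowADImportForMultiTenant'

    # Only live <add> elements are selected; an entry inside <!-- --> is ignored.
    # Keys are compared case-insensitively, as .NET appSettings lookups are.
    $nodes = @($Config.SelectNodes('/configuration/appSettings/add') |
               Where-Object { $_.GetAttribute('key') -ieq $key })

    $values = @($nodes | ForEach-Object { $_.GetAttribute('value') })

    # Assumption: any casing of TRUE enables the feature; the article itself uses "TRUE".
    $state = if     ($nodes.Count -eq 0)   { 'Absent' }
             elseif ($nodes.Count -gt 1)   { 'Duplicate' }
             elseif ($values[0] -ieq 'TRUE') { 'Enabled' }
             else                          { 'Disabled' }

    [pscustomobject]@{
        Key    = $key
        State  = $state
        Values = $values
    }
}

# Constructed sample, not a real SurePassID web.config.
$sample = [xml]@'
<configuration>
  <appSettings>
    <!-- SYSTEM: Find User Authentication settings -->
    <add key="Server.AllowEmailAsAccountAlias" value="TRUE"/>
    <add key="Server.AllowLoginSSoName" value="TRUE"/>
    <!-- <add key="System.AllowADImportForMultiTenant" value="FALSE"/> -->
    <add key="System.AllowADImportForMultiTenant" value="TRUE"/>
  </appSettings>
</configuration>
'@

Get-ADImportSetting -Config $sample   # State is Enabled; the commented-out entry is not counted
```

To check a real server, pass the parsed file instead of the sample, for example `Get-ADImportSetting -Config ([xml](Get-Content -Raw <path-to-web.config>))`.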