InsightCloudSec supports Lightweight Directory Access Protocol (LDAP) as an authentication server. This page explains how to configure LDAP as an authentication server for InsightCloudSec.
In addition to LDAP authentication where users are created and managed in InsightCloudSec, we also support using LDAP in combination with external tools for user management, where user creation/data can be synced with InsightCloudSec. For details on this feature check out our documentation on Just In-Time User Provisioning (Authentication Server Support).
Before getting started, you will need the following:
- A functioning InsightCloudSec platform
- Appropriate InsightCloudSec permissions (Domain Admin or Org Admin)
- Administrative credentials to your LDAP instance
For questions or issues reach out to us through the Customer Support Portal.
Refer to the steps below to create an LDAP Authentication Server:
1. Navigate to "Administration --> Identity Management" and select the "Authentication Servers" tab.
2. Click the "Add Server" button to launch the form.
3. Update the "Create Authentication Server" form as follows:
- Provide a nickname for your server.
- Select "LDAP" as the Server Type.
- Select the Global Scope checkbox if you want to use this server across multiple InsightCloudSec Organizations. Learn more about Organizations.
4. For "Server Host/IP", enter the server or hostname for the LDAP instance.
- This is often represented as "dc.yourdomain.com". Do not include any protocol or port information here.
5. For "Server Port" supply the port for which your LDAP instance is configured.
- Port ‘389’ is supplied by default as it is the default LDAP port.
- If your LDAP is configured to use SSL, the default port is ‘636’.
- If your LDAP instance has been configured to use any other port, supply that value here.
6. Select the "Secure Server" checkbox if your LDAP instance has been configured to use SSL.
7. For "Admin Username", enter the Distinguished Name (“DN”) of a user account with ‘bind’ privileges.
- The DN is usually represented as “CN=Your Name,OU=YourOrganization,DC=YourCompanyName,DC=Com”.
8. For "Admin Password", enter the password credential of the user account specified in "Admin Username".
9. For "Base User DN", enter the search string applicable to where user accounts are situated within the directory.
- Usually, this looks something like “CN=Users,DC=YourCompanyName,DC=Com”. It is important here to provide the most specific possible search string.
- A search string of “DC=YourCompanyName,DC=Com” might work depending on how the directory was configured but will result in inefficient lookups which are taxing to the LDAP instance and could result in timeouts while users attempt to authenticate.
10. Ignore the checkbox for "Enable periodic user provisioning".
- This checkbox is to enable JIT. You can read more about this feature in the Just In-Time User Provisioning (Authentication Server Support) docs.
11. Click "Submit" to complete your authentication server setup.
- InsightCloudSec will verify that the credentials you submitted are correct and that the account provided has the required ‘bind’ privilege.
- If an error message appears, verify the values you entered are correct for the LDAP instance in which you are trying to authenticate.
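The rules in steps 4 through 9 can be checked before clicking "Submit". The following is an added example, not InsightCloudSec code: the function name check_ldap_form and its parameters are hypothetical and only mirror the form fields, and the sample values are the placeholders used in the steps above.

```python
import ipaddress
import re

# Hypothetical pre-flight check for the "Create Authentication Server" form.
# It runs offline and does not contact InsightCloudSec or the LDAP instance.
RDN = re.compile(r"^\s*[A-Za-z][A-Za-z0-9-]*\s*=\s*\S.*$")

def split_dn(dn):
    """Split a DN into RDNs on unescaped commas; return None if malformed."""
    parts = re.split(r"(?<!\\),", dn)
    return parts if dn.strip() and all(RDN.match(p) for p in parts) else None

def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def check_ldap_form(host, port, secure, admin_dn, base_user_dn):
    """Return a list of problems found in the form values (empty = none)."""
    problems = []
    # Step 4: bare hostname or IP only (IPv6 literals may contain colons).
    if not is_ip(host) and any(c in host for c in ":/"):
        problems.append("Server Host/IP must not include protocol or port")
    # Steps 5-6: the default ports imply a "Secure Server" setting.
    if not 1 <= port <= 65535:
        problems.append("Server Port is out of range")
    elif port == 636 and not secure:
        problems.append("port 636 is the SSL default but Secure Server is off")
    elif port == 389 and secure:
        problems.append("Secure Server is on but port 389 is the non-SSL default")
    # Step 7: Admin Username must be a full DN, not a short login name.
    if split_dn(admin_dn) is None:
        problems.append("Admin Username is not a Distinguished Name")
    # Step 9: Base User DN should be narrower than the domain root.
    base = split_dn(base_user_dn)
    if base is None:
        problems.append("Base User DN is not a Distinguished Name")
    elif all(p.split("=")[0].strip().upper() == "DC" for p in base):
        problems.append("Base User DN is the domain root; lookups may time out")
    return problems

if __name__ == "__main__":
    # Constructed sample values taken from the placeholders in the steps above.
    print(check_ldap_form("dc.yourdomain.com", 636, True,
                          "CN=Your Name,OU=YourOrganization,DC=YourCompanyName,DC=Com",
                          "CN=Users,DC=YourCompanyName,DC=Com"))
```

An empty list means the values are consistent with the guidance above; it does not replace the bind verification InsightCloudSec performs on submit.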