InsightCloudSec Docs

Welcome to the InsightCloudSec Docs!

InsightCloudSec by Rapid7 (formerly DivvyCloud) is a Cloud-Native Security Platform that provides real-time analysis and automated remediation for continuous security and compliance for your multi-cloud environment.

For questions reach out to us through [email protected].

Take Me to the Docs!    Release Notes

LDAP

Instructions for Configuration of LDAP as an Authentication Server with InsightCloudSec

Overview

InsightCloudSec supports using Lightweight Directory Access Protocol (LDAP) authentication as a valid authentication server. This page includes details on configuring LDAP as an authentication server for InsightCloudSec.

In addition to LDAP authentication where users are created and managed in InsightCloudSec, we also support using LDAP in combination with external tools for user management, where user creation/data can be synced with InsightCloudSec. For details on this feature check out our documentation on Just In-Time User Provisioning (Authentication Server Support).

Prerequisites

Before getting started you will need to have the following

  • A functioning InsightCloudSec platform
  • Appropriate InsightCloudSec permissions (Domain Admin or Org Admin)
  • Administrative credentials to your LDAP instance

For questions or issues reach out to [email protected].

LDAP Authentication Server Setup

Refer to the steps below to create an LDAP Authentication Server:

1. Navigate to "Administration --> Identity Management" and select the "Authentication Servers" tab.

2. Click the "Add Server" button to launch the form.

Identity Management - Authentication ServerIdentity Management - Authentication Server

Identity Management - Authentication Server

3. Update the "Create Authentication Server" form as follows:

  • Provide a nickname for your server.
  • Select "LDAP" as the Server Type.
  • Select the Global Scope checkbox if you want to use this server across multiple InsightCloudSec Organizations. Learn more about Organizations.

4. For "Server Host/IP", enter the server or hostname for the LDAP instance.

  • This is often represented as "dc.yourdomain.com". Do not include any protocol or port information here.

5. For "Server Port" supply the port for which your LDAP instance is configured.

  • Port ‘389’ is supplied by default as it is the default LDAP port.
  • If your LDAP is configured to use SSL, the default port is ‘636’.
  • If your LDAP instance has been configured to use any other port, supply that value here.
Create Authentication Server - LDAP ExampleCreate Authentication Server - LDAP Example

Create Authentication Server - LDAP Example

6. Select the "Secure Server" checkbox if your LDAP instance has been configured to use SSL.

7. For "Admin Username", enter the Distinguished Name (“DN”) of a user account with ‘bind’ privileges.

  • The DN is usually represented as “CN=Your Name,OU=YourOrganization,DC=YourCompanyName,DC=Com).

8. For "Admin Password", enter the password credential of the user account specified in "Admin Username"

9. For "Base User DN", enter the search string applicable to where user accounts are situated within the directory.

  • Usually, this looks something like “CN=Users,DC=YourCompanyName,DC=Com”. It is important here to provide the most specific possible search string.
  • A search string of “DC=YourCompanyName,DC=Com” might work depending on how the directory was configured but will result in inefficient lookups which are taxing to the LDAP instance and could result in timeouts while users attempt to authenticate.

10. Ignore the checkbox for "Enable periodic user provisioning".

11. Click "Submit" to complete your authentication server setup.

  • InsightCloudSec will verify that the credentials you submitted are correct and that the account provided has the required ‘bind’ privilege.
  • If an error message appears, verify the values you entered are correct for the LDAP instance in which you are trying to authenticate.

Updated 3 days ago

LDAP


Instructions for Configuration of LDAP as an Authentication Server with InsightCloudSec

Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.