IDR SSO - Step 5: Connect LDAP Directory

Add a Connection to LDAP Directory

Perform these steps to connect to an LDAP directory quickly using only the required settings. If you want to use the advanced options, see Add an Identity Source.


Procedure 

  1. In the Cloud Administration Console, click Users > Identity Sources.
  2. Click Add an Identity Source.
  3. Click Select next to the directory type you are adding (for example, Active Directory).
  4. Enter the identity source name and the directory root (the base DN under which users are searched, taken from the planning worksheet).
  5. In the SSL/TLS Certificates section, decide whether the connection to the directory servers is encrypted. Use SSL/TLS wherever the directory servers support it: without it, the service account bind password and every attribute that is synchronized cross the network in cleartext.
  6. In the SSL/TLS Certificates section:
    1. To encrypt the connection (recommended), select Use SSL/TLS encryption to connect to the directory servers, click Add, and select the SSL/TLS certificate for the directory servers.
    2. To connect without encryption (only for a test directory that has no SSL/TLS listener), unselect Use SSL/TLS encryption to connect to the directory servers.
  7. In the Directory Servers section, add each directory server in the identity source, and test the connection.
  8. Click Next Step.
  9. On the User Attributes page, click Refresh Attributes, and verify that a valid list of attributes appears.
  10. Select Use selected policy attributes with the Cloud Authentication Service.

  11. In the Policies column, select sAMAccountName, virtualGroups, and memberOf, plus any other attributes that you plan to use in policies to identify users.

  12. Click Next Step.
  13. In the User Search Filter field, restrict the users that are synchronized to your test group. The following is an Active Directory example:

    (&(objectCategory=Person)(sAMAccountName=*)(objectClass=user)(mail=*)(memberOf=<yourgroup_distinguishedName>))

    Where <yourgroup_distinguishedName> is the full distinguished name (DN) of your test administrator group, not just its common name. The filter admits only user objects that have a mail value and are direct members of that group: memberOf holds direct membership only, so users who belong through a nested group are not synchronized, and users without a mail attribute are excluded by (mail=*).

    For example, (&(objectCategory=Person)(sAMAccountName=*)(objectClass=user)(mail=*)(memberOf=CN=SecurIDAccessUsers,OU=Groups,DC=Corp,DC=local))

  14. Click Save and Finish.
  15. Click Publish Changes.
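The filter in step 13 is assembled by hand, so a group DN containing characters that are special in LDAP filters (parentheses, asterisk, backslash) either makes the filter invalid or matches the wrong entries. The following Python is an added example and is not part of the RSA documentation: it escapes the group DN per RFC 4515, builds the step 13 filter, and dry-runs it against a few constructed user entries (the function names, the sample users and the simplified objectCategory values are assumptions) to show which users the filter admits and which it excludes, including a user who is only a nested group member.

```python
"""Escape and dry-run the step 13 user search filter.

Added example, not part of the RSA documentation. The sample users below are
constructed for the demonstration and simplified (objectCategory in Active
Directory is really a DN; the filter compares its short name).
"""
import re

# Characters RFC 4515 requires to be escaped inside a filter assertion value.
_FILTER_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}

# One "(attribute=value)" item; values may contain \xx escapes but no bare ( ) \.
_ITEM = re.compile(r"\(([A-Za-z][A-Za-z0-9-]*)=((?:\\[0-9A-Fa-f]{2}|[^()\\])*)\)")


def escape_filter_value(value: str) -> str:
    """Escape a value for safe use inside an LDAP search filter (RFC 4515)."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def unescape_filter_value(value: str) -> str:
    """Reverse RFC 4515 hex escapes (\\28 becomes '(' and so on)."""
    return re.sub(r"\\([0-9A-Fa-f]{2})", lambda m: chr(int(m.group(1), 16)), value)


def build_user_search_filter(group_dn: str) -> str:
    """Build the step 13 filter with the test group's DN escaped."""
    return (
        "(&(objectCategory=Person)(sAMAccountName=*)(objectClass=user)"
        f"(mail=*)(memberOf={escape_filter_value(group_dn)}))"
    )


def matches(entry: dict, filter_str: str) -> bool:
    """Evaluate an AND filter made of presence (attr=*) and equality items.

    That is all the step 13 filter uses; substring and nested filters are
    rejected rather than silently mis-evaluated. Comparison is case-insensitive,
    as it is for the attributes involved in Active Directory.
    """
    if not (filter_str.startswith("(&") and filter_str.endswith(")")):
        raise ValueError("only (&...) filters are supported")
    inner = filter_str[2:-1]
    items = _ITEM.findall(inner)
    if "".join(f"({a}={v})" for a, v in items) != inner:
        raise ValueError("unsupported filter syntax")
    for attr, raw in items:
        values = entry.get(attr, [])
        if isinstance(values, str):
            values = [values]
        if not values:
            return False  # attribute absent: presence and equality both fail
        if raw == "*":
            continue  # presence test satisfied
        wanted = unescape_filter_value(raw).lower()
        if not any(v.lower() == wanted for v in values):
            return False
    return True


GROUP_DN = "CN=SecurIDAccessUsers,OU=Groups,DC=Corp,DC=local"

# Constructed sample entries (multi-valued attributes are lists).
SAMPLE_USERS = [
    {  # direct member with a mail address: synchronized
        "objectCategory": "Person", "objectClass": ["top", "person", "organizationalPerson", "user"],
        "sAMAccountName": "alice", "mail": "alice@corp.local",
        "memberOf": [GROUP_DN, "CN=Staff,OU=Groups,DC=Corp,DC=local"],
    },
    {  # direct member but no mail attribute: excluded by (mail=*)
        "objectCategory": "Person", "objectClass": ["top", "person", "organizationalPerson", "user"],
        "sAMAccountName": "svc-backup", "memberOf": [GROUP_DN],
    },
    {  # member only via a nested group: memberOf shows direct membership, so excluded
        "objectCategory": "Person", "objectClass": ["top", "person", "organizationalPerson", "user"],
        "sAMAccountName": "bob", "mail": "bob@corp.local",
        "memberOf": ["CN=Helpdesk,OU=Groups,DC=Corp,DC=local"],
    },
    {  # computer account: excluded by (objectCategory=Person)
        "objectCategory": "Computer", "objectClass": ["top", "person", "organizationalPerson", "user", "computer"],
        "sAMAccountName": "WS01$", "mail": "ws01@corp.local", "memberOf": [GROUP_DN],
    },
]


def select_users(users, group_dn):
    """Return the sAMAccountNames the step 13 filter would synchronize."""
    flt = build_user_search_filter(group_dn)
    return [u["sAMAccountName"] for u in users if matches(u, flt)]


if __name__ == "__main__":
    print(build_user_search_filter(GROUP_DN))
    print(select_users(SAMPLE_USERS, GROUP_DN))
    # A group whose CN contains parentheses must be escaped or the filter is invalid.
    print(build_user_search_filter("CN=Admins (EMEA),OU=Groups,DC=Corp,DC=local"))
```

Run it once with your real group DN substituted for GROUP_DN to see the exact filter string to paste into the console; if the DN contains any of the escaped characters, the escaped form is the one the directory expects. The matcher is deliberately limited to the AND-of-items shape used here, so it raises on anything it cannot evaluate faithfully.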

Synchronize LDAP Directory for Cloud Access Service

Synchronize data between Cloud Access Service (CAS) and your LDAP directory so that CAS reflects updates made in the directory.

During synchronization, users matched by the search filter are added and the attribute values you selected in the previous step are copied to CAS. User passwords are never copied; only the selected attributes are.

Procedure 

  1. In the Cloud Administration Console, click Users > Identity Sources.
  2. Next to your identity source, select Synchronization from the drop-down menu.
  3. In the Identity Source Details section, click Synchronize Now.

    Depending on the number of users being synchronized, this process can take several minutes.


Next: IDR SSO - Step 6: Configure the Standard Web Application Portal

Cloud Access Service Quick Setup Guide for IDR SSO