Aspects of LDAP integration

Administrators integrate with a Lightweight Directory Access Protocol (LDAP) directory to streamline the user login process and automate administrative tasks such as user creation and role assignment.

User data is refreshed from your master source into the instance. The instance integrates with your organization's internal directory services through a read-only LDAP connection: it queries the directory but never updates your corporate LDAP.

Data population

An integration with your LDAP server(s) lets you quickly populate the instance with user records from your existing LDAP database. If the data is inconsistent, configuration settings let you choose whether such records are created, ignored, or skipped.

You can also control which data is imported by specifying attributes. We recommend importing only the data that you want to expose to the instance.

Note: You must specify all the attributes used in your transform map. If attributes are not specified, all available object attributes are imported from the LDAP server. This peripheral data accumulates in temporary import set tables, slowing import time.

For more information, see Specify LDAP attributes for configuration information and Create a transform map to help you create a transform map.

Authentication

When one of your users enters their domain credentials on the login page, the application passes those credentials to the defined LDAP server(s). The LDAP server responds with an authorized or unauthorized message, which the application uses to determine whether access should be granted. By authenticating against your LDAP server, users log in to the application with the same credentials they use for other internal resources on your domain. You can also leverage any existing password and security policies that are already in place (for example, account lockout after a number of failed logins and password expiration dates). Because the application receives only a "yes" or "no" from the LDAP server, these policies remain in effect.