LDAP integration setup

Administrators can enable LDAP integration to allow single sign-on of users from their company LDAP directory.

LDAP typically uses one of these types of communication channels.

Table 1. LDAP communication channels

| Connection | Description | LDAP import support? | LDAP authentication support? |
|---|---|---|---|
| MID Server connection | Communicates over HTTP on port 80 by default. This communication channel does not require a certificate. The connection between the MID Server and the instance is over HTTPS (port 443). You can use the MID Server to import data over LDAP, but you cannot use the MID Server for LDAP authentication. Proceed to Define the LDAP Server. | Yes | No |
| Standard LDAP integration | Communicates over TCP on port 389 by default. This communication channel does not require a certificate. Proceed to Define the LDAP Server. | Yes | Yes |
| SSL-encrypted LDAP integration (LDAPS) | Communicates over TCP on port 636 by default. This communication channel requires a certificate. Proceed to Upload the LDAP X.509 SSL certificate to obtain and upload the certificate. | Yes | Yes |
| VPN connection | Communicates over an IPSEC tunnel. Purchase or create an IPSEC tunnel on your local network. Proceed to Define the LDAP Server. | Yes | Yes |

If using a MID Server, the MID Server connects to the instance and the MID Server also connects to the LDAP server. In both cases, the MID Server initiates the connection:

- First, the MID Server connects to the LDAP server via LDAP on Port 389.
- Then, the MID Server initiates an HTTPS encrypted connection to the instance on Port 443 to push the data to the instance.

For more information about VPNs, MID Servers, and LDAP, see You Don't Need A VPN Part II on the community.

- Upload the LDAP X.509 SSL certificate: If your administrator is setting up an SSL-encrypted LDAP integration (LDAPS) to communicate over TCP on port 636, and has not already uploaded a certificate as part of your instance Go Live activities.
- Define an LDAP server: Create a new LDAP server record in the instance.
- Enable an LDAP listener and set system properties: Enabling a listener is optional. If enabled, a listener notifies the system to process LDAP records soon after there is an update on the LDAP server.
- Specify LDAP attributes: Specify the attributes included in LDAP server queries using the LDAP server Attributes field. This can enhance performance as well as security.
- Test an LDAP connection: The instance tests the connection automatically every time a user opens the LDAP Server form. Alternatively, you can manually test the connection to the LDAP server from the LDAP server form.
- Define LDAP organizational units: An organizational unit (OU) definition specifies the LDAP source directories available to the integration.
- Create a data source for LDAP: Each LDAP organizational unit (OU) definition has its own related list of data sources.
- Auto provision LDAP users: You automatically provision users who are in the LDAP server but not yet in your instance.
- LDAP integration via MID Server: Administrators can integrate using an LDAP data source over a Management, Instrumentation, and Discovery (MID) Server.