LogoLogo
3.0.0
3.0.0
  • Getting Started
    • What is Cymmetri?
    • Release Notes
    • Starting your Cymmetri Trial
    • Admin Dashboard
    • Accessing Cymmetri
    • Supported Web Browsers
    • Cymmetri Error Codes
    • Help
    • Personalization
      • General Configuration
      • Admins
      • Masters in Cymmetri
      • Personalize Notification Templates
      • Tenant Branding
      • Custom Attributes
  • Identity Hub
    • Managing Users and Groups
      • User Management
      • User Detail
      • Create Users
      • Create Groups
      • Importing Users
      • Assigning Users to Groups
      • Delegation
        • Setting up Delegation
        • Delegating Work to Delegatee
        • Accepting Delegation
      • Suspended Users
      • Archived Users
      • All Users Session
    • Authentication
      • Identity Provider
        • Internal IDP
          • Introduction
          • Internal Identity Provider Configuration: Cymmetri
          • Internal Identity Provider Configuration: Active Directory
          • Internal Identity Provider Configuration: LDAP
        • External IDP
          • Introduction
          • External Identity Provider Configuration - Google IDP
          • External Identity Provider Configuration - Azure IDP
          • External Identity Provider Configuration - Salesforce IDP
      • Service Provider
      • Authentication Rules
      • Password Policy
      • Global Auth Policy
      • Adaptive
    • Attribute Setting
    • Password Filter
    • Logs
      • Audit Log
      • Import History
      • Scheduler History
  • Lifecycle Management
    • Application Management
      • Support for Application Management
      • Getting Started
        • Introduction to Application Management
        • Adding Applications to be managed by Cymmetri
        • Assigning Applications to End Users
        • Dynamic Forms
        • Configuring Connector Server
      • Provisioning How to
        • Azure Provisioning
        • Active Directory (AD) Provisioning
        • Google Workspace Provisioning
        • LDAP Provisioning
        • Powershell Provisioning
        • REST Connector Provisioning
        • SCIM v2.0 Provisioning with Basic Authentication
        • SCIM 2.0 with Bearer Authentication
        • SCIM 2.0 with Fixed Bearer
        • Github Provisioning
      • Reconciliation How to
        • Configuring Reconciliation Process
      • Rules
        • Provisioning
        • Deprovisioning
    • Workflow Management
      • Workflow Configuration
      • Workflow Rules
      • Pending Workflows
      • Workflows List
    • Teams Config
    • Configuring Webhooks
  • Single Sign On
    • Introduction
    • SSO Configuration
      • SAML 2.0 Based SSO
      • API Based SSO
      • OpenID Connect Based SSO
    • Multifactor Authentication(MFA)
      • Introduction
      • Cymmetri Authenticator
      • Push Authenticator
      • Google Authenticator
      • SMS Authenticator
      • Secret Questions
      • FIDO Authenticator
      • Admin MFA Setting
    • Passwordless
      • Introduction
      • TOTP Based
      • OTP Based
      • Consent Based
      • FIDO Based
  • My Workspace
    • Getting Started
      • Introduction
      • First Time User Registration
      • End User Login Process
      • Forgot Password & Unlock Account
      • User Settings
    • How to use the My Workspace
      • Dashboard
      • My Access
      • Inbox
      • Team
      • On Behalf
  • Privileged Access Management
    • PAM Administration
      • Introduction to Privilege Access Management (PAM)
      • How to Access PAM in Cymmetri
      • Sub-Sections of PAM
      • Steps to configure PAM Server
      • Adding a device/ server in PAM
      • Vault User
      • Vaulting Configuration
      • Break Glass Configuration
      • PAM Reports and PAM History
      • Dormancy Disable Config
    • PAM Usage
      • Assign a server to a user
      • Access the server
  • Governance
    • Insights
      • Reports
      • Risk
    • Access Certification
      • Setting up and managing Access Reviews
  • Self-Service App
Powered by GitBook

Cymmetri.com

On this page
  • The Adapter Service
  • Configuration

Was this helpful?

Export as PDF
  1. Identity Hub
  2. Authentication
  3. Identity Provider
  4. Internal IDP

Internal Identity Provider Configuration: LDAP

Was this helpful?

Lightweight Directory Access Protocol (LDAP) serves as a important Identity Provider (IDP) in enterprise environments. It authenticates and authorizes users, facilitating seamless access to resources. LDAP is commonly used as a directory service for managing user identities and authentication information within an organization.

LDAP can be utilized in Cymmetri as an Identity Provider (IDP), leveraging existing user accounts to access Cymmetri, as the platform supports the LDAP protocol.

For configuring LDAP as an Identity Provider one of the primary service needed is the Adapter Service.

The Adapter Service

The Adapter Service or Auth Adapter Service is exposed as a rest service which runs on https acts as an adapter to facilitate authentication using the LDAP protocol which is often employed for authentication purposes in various systems and every adapter service instance is called by the secret generated while installation/configuration of adapter service.

The rest endpoints are called by cymmetri-cloud AuthenticationService to connect to On-Prem AD/Ldap or cloud AD/Ldap. The AdaptorService is used to test connection, authenticate, change, reset password of an user.

Configuration

For configuring Active Directory as an internal IDP navigate to Authentication -> Identity Provider -> Internal IDP. Here you may either configure the already created LDAP Authentication instance or +Add New

In either cases a screen opens where you need to provide the below mentioned details

  • Name: LDAP Authentication

  • IDP Type: Open LDAP

  • Description: A general description about the IDP type

  • Status: Active

  • Adapter Service Domain: Location (IP) of the server on which the Adapter Service is deployed

  • Adapter Service Secret: The secret generated while installation/configuration of adapter service

  • Base DN: LDAP root domain name

  • Search Scope: A search scope for locating users in LDAP

Once all the details are entered Save the changes and Test the Connection using Test Connection button.

Once the rule is configured, whenever a user matches the rule conditions, their credentials are verified against those stored in LDAP. Upon successful verification, the user is granted access to log in to Cymmetri.

For enabling Open LDAP to be used as an IDP for specific set of users an Authentication Rule needs to be configured. you can see the steps on how to configure Authentication Rules.

Here