Connecting to an LDAP Server

You can manage your AtScale users by connecting the Identity Broker to your organization's LDAP server.

Note: AtScale currently supports only Microsoft Active Directory as an LDAP server. Active Directory is also required if you want to use the Windows Authentication options (Kerberos or NTLM).

Important: Users defined in your LDAP server are added to the AtScale Identity Broker automatically the first time they log in. Every such user is placed in the everyone group, which carries the query_user role and nothing more. If a user needs membership in other groups or additional roles, you must assign them from within the Identity Broker; nothing in the directory grants AtScale privileges. For more information, see Managing Users with the Identity Broker.

Connect to an LDAP Server

To connect the Identity Broker to your LDAP server:

  1. In AtScale, open the main menu and select Security. The Identity Broker opens.

  2. Log in using your AtScale admin username and password.

  3. Select the atscale realm if it is not already selected.

  4. In the left-hand navigation, click User federation.

  5. Click Add LDAP providers.

  6. Select the Settings tab.

  7. In the General options section, complete the following fields:

    • UI display name: Enter a name to identify the connection to your LDAP server.
    • Vendor: Select your LDAP vendor from the list. Choose Active Directory; it is the only vendor AtScale currently supports, and selecting it fills in Active Directory defaults for the attribute fields in later steps.
  8. In the Connection and authentication settings section, do the following:

    1. In the Connection URL field, enter the connection URL for your LDAP server. Use ldaps:// with port 636 if your server accepts TLS; otherwise use ldap:// with port 389. Note that ldap:// on 389 is a cleartext connection: the bind password you enter in a later step, and every user password checked at login, cross the network unencrypted unless the connection is upgraded with StartTLS. Prefer ldaps://.

    2. Click Test connection below the Connection timeout field. If the connection is working, a success message appears.

    3. Complete the following fields:

      • Bind type: Select simple. The Identity Broker authenticates to the directory with the Bind DN and password below; an anonymous bind (none) cannot read user entries from Active Directory in its default configuration.
      • Bind DN: Enter the distinguished name of the account the Identity Broker uses to search the directory. Use a dedicated service account with read-only access to the user tree; because the provider is configured READ_ONLY in a later step, the account never needs write permission.
      • Bind credentials: Enter the password for the bind DN. Treat it as a secret: it is stored by the Identity Broker and sent to the directory on every connection.
    4. Click the Test connection button below the Bind credentials field. If the connection is working, a success message appears.

  9. In the LDAP searching and updating section, complete the following fields:

    • Edit mode: Set this field to READ_ONLY so that the Identity Broker never writes changes back to Active Directory. User attributes and passwords remain managed in the directory.
    • Users DN: Enter the DN of the LDAP subtree where your users are defined. Searches are scoped to this subtree, so keep it as narrow as your user population allows.
    • Username LDAP attribute: Enter the directory attribute to map to the Identity Broker's username. This is the value users will type on the Sign In screen; for Active Directory it is typically sAMAccountName (or cn, the default the Active Directory vendor selection fills in).
    • RDN LDAP attribute: Enter the attribute that forms the relative distinguished name of user entries; for Active Directory this is typically cn.
    • UUID LDAP attribute: Set this field to objectGUID. This is the immutable identifier of an Active Directory object, so a user who is renamed or moved in the directory keeps the same Identity Broker account instead of being imported as a new one.
  10. In the Synchronization settings section, enable Periodic full sync. This configures the Identity Broker to synchronize its user database with your LDAP server on a schedule, so changes made in the directory are picked up between user logins rather than only when a user next signs in.

  11. Click Save.

  12. Test the connection:

    1. Open a new browser window and navigate to your AtScale instance.
    2. Click Sign In in the top right corner. The Sign in to your account window appears.
    3. Sign in with a directory account, using the value of the Username LDAP attribute you configured (for example the sAMAccountName) and the account's Active Directory password. A successful sign-in confirms both the bind and the user search; the user now appears in the Identity Broker as a member of the everyone group.
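The two Test connection buttons above only report success or failure from inside the Identity Broker. The following script is an added example, not AtScale or Keycloak code, that performs the same checks from the command line before you touch the configuration: it validates the Connection URL against the port and TLS rules above, refuses to send a bind password over cleartext ldap://, and performs an LDAPv3 simple bind over certificate-verified LDAPS without any third-party LDAP library by hand-encoding the BindRequest (RFC 4511, BER). The hostnames, DNs, passwords and the sample BindResponse bytes are placeholders constructed for the example; none were captured from a real directory.

```python
"""Pre-flight for the Identity Broker's LDAP settings (added example, not product code)."""
import socket
import ssl
from urllib.parse import urlsplit

LDAPS_PORT = 636
LDAP_PORT = 389


def ber_len(n: int) -> bytes:
    """BER length octets: short form below 128, long form (0x8N + N bytes) otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag: int, payload: bytes) -> bytes:
    """One BER tag-length-value element."""
    return bytes([tag]) + ber_len(len(payload)) + payload


def bind_request(msg_id: int, bind_dn: str, password: str) -> bytes:
    """LDAPMessage { messageID, BindRequest { version 3, name, simple [0] password } }."""
    if not 0 < msg_id < 128:
        raise ValueError("this helper encodes messageID as a single BER integer byte")
    op = tlv(0x60,                                   # [APPLICATION 0] BindRequest
             tlv(0x02, b"\x03")                      # version INTEGER 3
             + tlv(0x04, bind_dn.encode("utf-8"))    # name: the Bind DN
             + tlv(0x80, password.encode("utf-8")))  # authentication: simple [0] OCTET STRING
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + op)


def read_tlv(buf: bytes, pos: int = 0):
    """Return (tag, value, position after the element) for the TLV starting at pos."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:
        n = first & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    else:
        length = first
    return tag, buf[pos:pos + length], pos + length


def parse_bind_response(buf: bytes) -> dict:
    """Decode LDAPMessage { messageID, BindResponse { resultCode, matchedDN, diagnosticMessage } }."""
    tag, msg, _ = read_tlv(buf)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage SEQUENCE")
    _, mid, pos = read_tlv(msg)
    tag, op, _ = read_tlv(msg, pos)
    if tag != 0x61:                                   # [APPLICATION 1] BindResponse
        raise ValueError("expected BindResponse, got tag 0x%02x" % tag)
    _, code, pos = read_tlv(op)                       # ENUMERATED resultCode
    _, matched, pos = read_tlv(op, pos)
    _, diag, _ = read_tlv(op, pos)
    return {
        "message_id": int.from_bytes(mid, "big"),
        "result_code": int.from_bytes(code, "big"),   # 0 = success, 49 = invalidCredentials
        "matched_dn": matched.decode("utf-8", "replace"),
        "diagnostic": diag.decode("utf-8", "replace"),
    }


def check_connection_url(url: str) -> list:
    """Findings for the Connection URL field; an empty list means TLS on the expected port."""
    parts = urlsplit(url)
    findings = []
    if parts.scheme == "ldaps":
        if parts.port not in (None, LDAPS_PORT):
            findings.append(f"ldaps:// normally uses port {LDAPS_PORT}, not {parts.port}")
    elif parts.scheme == "ldap":
        findings.append("ldap:// is cleartext: a simple bind sends the Bind credentials "
                        "unencrypted unless StartTLS is enabled")
        if parts.port == LDAPS_PORT:
            findings.append(f"port {LDAPS_PORT} is the LDAPS port; use ldaps:// or port {LDAP_PORT}")
    else:
        findings.append(f"unsupported scheme {parts.scheme!r}; expected ldap:// or ldaps://")
    return findings


def live_bind(url: str, bind_dn: str, password: str, timeout: float = 10.0) -> dict:
    """The second Test connection button, done over verified LDAPS only."""
    findings = check_connection_url(url)
    if findings:
        raise ValueError("refusing to send the bind password: " + "; ".join(findings))
    parts = urlsplit(url)
    host, port = parts.hostname, parts.port or LDAPS_PORT
    ctx = ssl.create_default_context()                # verifies the server chain and hostname
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            tls.sendall(bind_request(1, bind_dn, password))
            return parse_bind_response(tls.recv(4096))   # a BindResponse fits one read


# Constructed sample, not captured from a server: BindResponse with resultCode 49
# (invalidCredentials), which is what a wrong Bind credentials value produces.
SAMPLE_INVALID_CREDENTIALS = bytes.fromhex("300c02010161070a013104000400")

if __name__ == "__main__":
    print(check_connection_url("ldap://dc01.corp.example:389"))       # placeholder host
    print(parse_bind_response(SAMPLE_INVALID_CREDENTIALS))
    # Live check against your directory (placeholder values):
    # print(live_bind("ldaps://dc01.corp.example:636",
    #                 "CN=atscale-svc,OU=Service Accounts,DC=corp,DC=example", "secret"))
```

A result_code of 0 from live_bind means the Bind DN and password are accepted and the certificate chain validated; 49 means the directory rejected the credentials; an ssl.SSLError before any LDAP traffic means the server certificate is not trusted by the host running the script, which is the same trust problem the Identity Broker will have with an ldaps:// URL.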

Additional Information

After connecting to your Active Directory LDAP server, you can optionally configure Kerberos. For instructions, see Configuring Kerberos.