An LDAP directory can be integrated with iDNA Applications so that users from a corporate directory can access iDNA Applications information.
This article explains how to configure the integration with an Active Directory or Domino LDAP.
Note: The internal user accounts (e.g. Config) will remain active and valid in parallel to all the LDAP objects.
Active Directory
- Click on Settings - LDAP Settings
- LDAP Settings
Type: Select Active Directory
LDAP host: Enter the Directory URL + Port
Bind DN: Enter the distinguished name (DN) of the bind user
Example: CN=_bindusername,OU=Functional,OU=Users,OU=acme,DC=acme,DC=local
IMPORTANT: The bind user must be able to read at least one of the following membership attributes: memberOf, isMember, member
Bind DN Password: Enter the password of the bind user account
User Search Base: Enter the Search Base where the User Objects are located
User Filter: For Active Directory, please enter the following string:
(sAMAccountName={{username}})
Role Mapping (Administrators - Monitoring - Viewer)
Assign an AD group to a certain role
Example: Office365Admins is an AD group with certain members (all these members would gain Admin Access to iDNA Applications)
IMPORTANT:
- If a user is a member of an Administrator group and a Viewer group, the user gets the higher permission → Administrator
- If a user who is NOT a member of any assigned group tries to log in, the user will not be able to log in.
IBM Domino LDAP
- LDAP Settings
Type: Select Domino
LDAP host: Enter the Directory URL + Port
Bind DN: Enter the distinguished name (DN) of the bind user
Example: CN=_bindusername,OU=Functional,OU=Users,OU=acme,DC=acme,DC=local
IMPORTANT: The bind user has to see the attribute: dominoaccessgroups
Bind DN Password: Enter the password of the bind user account
User Search Base: Enter the Search Base where the user objects are located
User Filter: For Domino LDAP, please enter the following string:
(cn={{username}})
Role Mapping (Administrators - Monitoring - Viewer)
Assign an AD group to a certain role
Example: Office365Admins is an AD group with certain members (all these members would gain Admin access to iDNA Applications)
IMPORTANT:
- If a user is a member of an Administrator group and a Viewer group, the user gets the higher permission → Administrator
- If a user who is NOT a member of any assigned group tries to log in, the user will not be able to log in.
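The user filter template and the role-mapping rules described above for both directory types, as an added Python example (not iDNA Applications code): it escapes the username per RFC 4515 before substituting it into {{username}} and resolves the effective role from a user's group memberships. The group DNs, the function names and the ranking of Monitoring between Viewer and Administrator are assumptions made for illustration.

```python
# Added example, not iDNA Applications code. Role names come from the page;
# the group DNs, helper names and the rank of "Monitoring" are assumptions.

# Higher number = higher permission (page: Administrator beats Viewer).
ROLE_RANK = {"Viewer": 1, "Monitoring": 2, "Administrator": 3}

# Constructed role mapping: directory group DN (lower-cased) -> role.
ROLE_MAPPING = {
    "cn=office365admins,ou=groups,dc=acme,dc=local": "Administrator",
    "cn=noc-operators,ou=groups,dc=acme,dc=local": "Monitoring",
    "cn=helpdesk,ou=groups,dc=acme,dc=local": "Viewer",
}

# RFC 4515 characters that must be escaped inside a filter assertion value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape a user-supplied string so it is treated as a literal value."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def render_user_filter(template, username):
    """Fill the {{username}} placeholder of a user filter template."""
    return template.replace("{{username}}", escape_filter_value(username))


def resolve_role(group_dns):
    """Return the highest mapped role, or None when no group is mapped.

    None corresponds to the page's rule that a user outside every assigned
    group cannot log in. DNs are compared case-insensitively (simplified).
    """
    roles = [ROLE_MAPPING[dn.lower()] for dn in group_dns if dn.lower() in ROLE_MAPPING]
    if not roles:
        return None
    return max(roles, key=ROLE_RANK.__getitem__)


if __name__ == "__main__":
    print(render_user_filter("(sAMAccountName={{username}})", "jdoe"))
    print(render_user_filter("(cn={{username}})", "a*(b)"))
    print(resolve_role(["CN=Helpdesk,OU=Groups,DC=acme,DC=local",
                        "CN=Office365Admins,OU=Groups,DC=acme,DC=local"]))
    print(resolve_role(["CN=Finance,OU=Groups,DC=acme,DC=local"]))
```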