Many organizations have a central user account/role repository for managing their users and IT infrastructures. The directory is one of the most popular choices for managing user information. Lightweight Directory Access Protocol (LDAP) is the de facto standard for querying directory data. We felt that LDAP would allow us to achieve centralized authentication and eventually centralized authorization, significantly reducing complexity for user management. Customers will also benefit from improved compliance and auditing of authorizations.
In release 6.2, we have integrated with Microsoft Active Directory. The following diagram provides an overview of the integration.
Indeni sends all login requests to Active Directory to process. It does not store the usernames and credentials locally.
Since many organizations have already created user groups and stored them in Active Directory, the user’s LDAP group membership determines if the user is authorized to access Indeni. Indeni determines what LDAP groups the user belongs to with a simple search. Indeni verifies that the user belongs to one of the authorized LDAP groups and grants access accordingly.
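The group-based access decision described above can be sketched as follows. This is an added example, not Indeni's code: it assumes the user is looked up by the standard Active Directory attribute `sAMAccountName` and that group membership is read from `memberOf`, and all function names, DNs and usernames are constructed for illustration.

```python
# Added example, not Indeni's code. sAMAccountName and memberOf are standard
# Active Directory attributes; the DNs and usernames are constructed samples.

_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def escape_filter_value(value):
    """Escape user-supplied text for use inside an LDAP filter (RFC 4515)."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def user_search_filter(username):
    """Filter that finds one AD user entry by login name."""
    return "(&(objectClass=user)(sAMAccountName=%s))" % escape_filter_value(username)


def normalize_dn(dn):
    """Simplified DN comparison key: AD compares DNs case-insensitively."""
    return dn.strip().casefold()


def is_authorized(entry, authorized_groups):
    """Fail closed: no entry or no matching group means no access."""
    if not entry:
        return False
    allowed = {normalize_dn(g) for g in authorized_groups}
    return any(normalize_dn(g) in allowed for g in entry.get("memberOf", []))


# Constructed sample data standing in for a directory search result.
AUTHORIZED = ["CN=Indeni-Admins,OU=Groups,DC=example,DC=com"]
SAMPLE_ENTRY = {
    "sAMAccountName": "jdoe",
    "memberOf": ["cn=indeni-admins,ou=Groups,dc=example,dc=com"],
}

if __name__ == "__main__":
    print(user_search_filter("jdoe"))
    print(user_search_filter("j(doe)*"))  # filter metacharacters are escaped
    print(is_authorized(SAMPLE_ENTRY, AUTHORIZED))
```

`memberOf` lists only direct memberships, so a deployment that relies on nested groups needs a different lookup.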
Enabling LDAP is simple. Follow these steps:
1. Click on the settings tab on the left menu of Indeni
2. Click on “Authentication” as shown below
3. Press “LDAP”

In order to access Active Directory, you will need an Active Directory user with permission to perform searches. Specify the service LDAP URL and provide the search parameters that Indeni uses when searching Active Directory for matching user entries.
As part of the setup, Indeni will retrieve the list of LDAP groups from Active Directory.
Select the LDAP group(s) of users who will need access to Indeni. Any changes made in the LDAP group members are automatically reflected in Indeni, without having to change the LDAP setup.
For more information, please refer to the Indeni 6.x User Guide – LDAP.