Centralized Authentication with LDAP

You can now also use an external LDAP (Lightweight Directory Access Protocol) repository to access Indeni.

LDAP is commonly used as a central place to store usernames and passwords. Indeni supports a single integration with LDAP, which has the familiar benefits of ease of login and centralized identity management, as well as Role assignment to Groups already present on the LDAP server.

LDAP Setup

To get started with configuration, navigate to the LDAP tab by clicking on:

Settings > Integrations > New Integration > LDAP

STEP 1: Enter the LDAP Endpoint, Base DN, username and password. The LDAP user should be in the user@domain.com format. Use port 636, the standard port for LDAPS (LDAP over TLS), to connect.

To verify the details before proceeding, click on the TEST button.

Please Note: The groups should auto-populate based on the @domain of the username(s).

STEP 2: Verify that the required LDAP Groups appear on the list, then click on the plus (+) sign to add the group to Indeni (“Administrators”, for example).

STEP 3: Press the SAVE button to save the added Groups.

STEP 4: In the Groups tab, assign a Role for all the users within the added LDAP group. You should see the name of the added LDAP group appear, preceded by an LDAP icon (to distinguish it from locally-created groups).

From here, assign Group privileges (Roles) as usual.
For more on this, see the sections dealing with Groups and Roles.

The Group is saved to the WebUI, and LDAP users assigned to the group can log in to Indeni with their LDAP username, without the @domain details.
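
The STEP 1 values can be sanity-checked before they are typed into the form. The following is an added example, not Indeni code: the function name preflight, the acceptance of a bare host:636 endpoint, and the check that the Base DN's DC components match the @domain (an Active Directory-style naming heuristic) are all assumptions.

```python
import re
from urllib.parse import urlsplit

# Constructed patterns: one attr=value RDN (escaped commas are not handled)
# and a user@domain.com login name with at least one dot in the domain.
_RDN = re.compile(r"^[A-Za-z][A-Za-z0-9-]*=[^,=]+$")
_UPN = re.compile(r"^[^@\s\\]+@([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)$")


def preflight(endpoint, base_dn, bind_user):
    """Return a list of problems with the STEP 1 values; empty means OK."""
    problems = []

    # Accept a bare "host:636" as well as "ldaps://host:636" (assumption:
    # the page does not say which form the Endpoint field expects).
    url = urlsplit(endpoint if "://" in endpoint else "//" + endpoint)
    try:
        port = url.port
    except ValueError:  # non-numeric or out-of-range port
        port = None
    if url.scheme not in ("", "ldaps"):
        problems.append(f"scheme {url.scheme!r} is not ldaps")
    if not url.hostname:
        problems.append("endpoint has no host name")
    if port != 636:
        problems.append(f"port is {port}, expected 636")

    # Rejects DOMAIN\user and full bind DNs, which are not user@domain.com.
    upn = _UPN.match(bind_user)
    if not upn:
        problems.append("bind user is not in user@domain.com format")

    rdns = [r.strip() for r in base_dn.split(",")]
    if not all(_RDN.match(r) for r in rdns):
        problems.append("Base DN is not a list of attr=value components")
    elif upn:
        # Heuristic (assumption, AD-style naming): DC= components of the
        # Base DN normally spell out the domain after the @.
        dcs = [r.split("=", 1)[1] for r in rdns if r.upper().startswith("DC=")]
        if ".".join(dcs).lower() != upn.group(1).lower():
            problems.append("Base DN DC components differ from the @domain")
    return problems
```

A mismatch between the Base DN and the @domain is only a hint to recheck, since a directory may use login suffixes that differ from its DNS domain name.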

By default, Indeni stores username credentials in its local database. However, Indeni does not store the LDAP usernames and passwords locally. On every login attempt, if an LDAP server is configured, the username and password are forwarded to the specified LDAP server for credential verification. If the user does not belong to an LDAP group, Indeni will fail the authentication.

If the LDAP directory does not successfully authenticate the username and password, Indeni will check the credentials locally against Indeni’s user list. If the credentials exist on neither the LDAP server nor Indeni’s local database, the user is simply not registered with the entered credentials, so access is not granted.