By default, Indeni stores authentication information in its local database. Optionally, you can use an external LDAP (Lightweight Directory Access Protocol) repository to access Indeni.
Please Note: This feature only supports Microsoft Active Directory.
Indeni supports a single integration with LDAP, which offers the benefits of ease of login, centralized identity management as well as Role assignment to Groups already present on the LDAP server.
To get started with configuration, navigate to the LDAP configuration by clicking on:
Settings > Integrations > Add New Integration > LDAP
STEP 1: Enter the LDAP Endpoint, Base DN, username and password. The LDAP user should be in the [email protected] format. Use port 636 to connect.
Please Note: You can optionally enter the hostname of the LDAP endpoint.
To verify the details before proceeding, click on the TEST button.
Please Note: The groups should auto-populate based on the @domain of the username(s).
STEP 2: Navigate to Settings -> Groups -> NEW LDAP GROUP, you should see the list of LDAP Groups Indeni retrieved. Choose the LDAP group(s) you wish to add to the system.
STEP 3: Select the blue NEW GROUP button to assign a role for all the users within the added LDAP group.
From here, assign Group privileges (Roles) as usual. For more on this, see the sections dealing with Groups and Roles.
Any time you want to add a new LDAP group, repeat step 2 and 3.
With LDAP, there is no need to register individual users. Instead, you add the LDAP group to grant access to users belonging to the group.
The Group is saved to the WebUI, and LDAP users assigned to the group can login to Indeni with their LDAP username, without the @domain details.
By default, Indeni always attempts to use the local authentication mechanism first. If you do not allow local users in your environment, you should remove all the local users from the local database in order to enforce LDAP authentication.
At any attempted login, Indeni first validates the credentials locally. If the credentials do not exist, and if an LDAP server is active, the username and password will be forwarded to the specified LDAP server for credential verification. Indeni does not store the LDAP passwords locally. If the user does not belong to an LDAP group, access is not granted.