By default, Indeni stores authentication information in its local database. However, you can now also use an external LDAP (Lightweight Directory Access Protocol) repository to access Indeni.
Please Note: This feature is available in version 6.2+, and only supports Microsoft Active Directory.
Configure the connection settings by navigating to the Settings Icon, selecting Authentication and clicking on CA (Centralized Authentication), then input the necessary settings to connect to your LDAP directory.
STEP 1. Enter the LDAP Endpoint, Username and Password, and the Base DN. The LDAP user should be in the firstname.lastname@example.org format. We support endpoint domain names, and LDAPS over port 636.
You will need to test and verify the details before you can move on. Depending on how many groups there are in the organization, this can take up to 5 minutes.
Please Note: The Base DN details should auto-populate based on the @domain of the username. Also, CN/OU details are not supported.
STEP 2. It is recommended that you search for the group you want to add. You can change the number of results shown to 50, 100, or 200 groups. Click on the plus sign to add the group.
STEP 3. Before the group is added, you will need to assign a Role and email preferences, which will apply to all the users within the group. Individual role types and email notification preferences can be set once they log in. You can also set a group distribution email while editing the LDAP group.
Please Note: Notifications for severity levels are not selected by default and are not highlighted. Once selected, they will be highlighted in the color that represents their severity type.
The group is saved to the WebUI, and LDAP users assigned to the group can log in to Indeni with their LDAP username, without the @domain details.
Any time a user attempts to log in to Indeni, if an LDAP server is configured, the username and password will be forwarded to the specified LDAP directory server to determine if the credentials are correct. Indeni does not store the LDAP usernames and passwords locally.
Indeni determines what LDAP groups the user belongs to with a simple search and then verifies that the user belongs to one of the selected LDAP groups. If the user does not belong to any one of the selected LDAP groups, Indeni will fail the authentication.
The diagram below summarizes the authentication process.
If the LDAP directory does not successfully authenticate the forwarded username and password, Indeni will fall back to the local username and password. If the credentials do not exist in the local user store, Indeni will fail the authentication.
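The decision order described above, modelled as an added example (this is not Indeni's code). The in-memory directory, local store, group names, passwords and the `DC=` form of the derived Base DN are constructed assumptions, and the plaintext passwords exist only to keep the model short.

```python
import hmac
from enum import Enum

class Result(Enum):
    LDAP_OK = "authenticated via LDAP"
    LOCAL_OK = "authenticated via local fallback"
    DENIED_GROUP = "LDAP bind accepted, user not in a selected group"
    DENIED = "no valid credentials"

def base_dn_from_upn(upn):
    """Assumed derivation: example.org -> DC=example,DC=org."""
    domain = upn.rsplit("@", 1)[1]
    return ",".join(f"DC={label}" for label in domain.split("."))

# Constructed stand-ins for the directory and the local user store.
DIRECTORY = {  # userPrincipalName -> (password, group memberships)
    "jane.doe@example.org": ("ldap-pass-1", {"NetOps", "VPN-Users"}),
    "sam.roe@example.org": ("ldap-pass-2", {"Finance"}),
}
LOCAL_USERS = {"admin": "local-pass", "jane.doe": "old-local-pass"}
SELECTED_GROUPS = {"NetOps"}  # groups added in STEP 2
DOMAIN = "example.org"        # @domain of the account entered in STEP 1

def _same(a, b):
    # Constant-time comparison of the two strings
    return hmac.compare_digest(a.encode(), b.encode())

def ldap_bind(upn, password):
    entry = DIRECTORY.get(upn)
    return entry is not None and _same(entry[0], password)

def local_check(username, password):
    stored = LOCAL_USERS.get(username)
    return stored is not None and _same(stored, password)

def authenticate(username, password, ldap_configured=True):
    """Return which path decided the login, following the text's order."""
    if ldap_configured:
        upn = f"{username}@{DOMAIN}"  # users type the name without @domain
        if ldap_bind(upn, password):
            if DIRECTORY[upn][1] & SELECTED_GROUPS:
                return Result.LDAP_OK
            # Directory accepted the credentials: group check fails the login
            return Result.DENIED_GROUP
    # LDAP not configured, or it rejected the credentials: try the local store
    return Result.LOCAL_OK if local_check(username, password) else Result.DENIED
```

In this model, `jane.doe` is still admitted with the old local password after the directory rejects it, which is why local accounts that share a name with an LDAP user are worth reviewing once LDAP is enabled.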