LDAP SSO with Active Directory
This guide explains the settings you'll need to enter into the LDAP tab of the LDAP/SAML Maintenance program to enable LDAP SSO with Active Directory.
This guide is for standard LDAP (which is not encrypted in transit). See LDAPS SSO with Active Directory if you wish to use LDAP with encryption.
These steps have been tested on Windows Server 2019 with the Active Directory Domain Services role installed and configured.
TASS Cloud Customers
Please contact the TASS Technical Services team before enabling this.
LDAP Settings
LDAP Root | Specify the Organisational Unit (OU) that contains the users who will be logging into the TASS product or portal being configured. You must provide the full Canonical Name (CN) of this OU. Note that users can be in child OUs. To find this: |
---|---|
LDAP Server | This can be either the DNS name or IP address of your Active Directory server. The best option is to use your root domain, as this will be routed to the most appropriate Active Directory server. To find this, open Active Directory Users and Groups, then look for the full domain at the top of the directory hierarchy. Otherwise, use the fully-qualified domain name or IP address of a specific server. |
LDAP Filter | The attribute of the user object that contains the username that will be used to log in. Common options are: |
LDAP Port | The default LDAP port is 389. |
Admin Username | Create a user account for TASS to use to read the directory. This is used to check that the user exists. Members of the Domain Users group have the appropriate permissions by default. Enter the username into this field. Contrary to the name of this field, this account does not need and should not have any administrative privileges. |
Admin Password | Enter the password for the user account created above. |
LDAP Secure | Leave blank. |
Username (testing purposes only) | Leave blank until you are ready to test. |
Client Certificate | Leave blank. |
Client Certificate Password | Leave blank. |
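
The Admin Username row above says the bind account should not have any administrative privileges. The following PowerShell check is an added example, not part of the TASS documentation; it assumes the RSAT ActiveDirectory module is installed and uses a hypothetical account name, `svc-tass-ldap`. It resolves the account's direct and nested group memberships within its own domain and flags well-known privileged groups by SID.

```powershell
# Added example: audit the account entered in the "Admin Username" field.
# 'svc-tass-ldap' is a hypothetical account name; substitute your own.
Import-Module ActiveDirectory

function Test-LdapBindAccountPrivilege {
    param([Parameter(Mandatory)][string]$SamAccountName)

    $user      = Get-ADUser -Identity $SamAccountName -Properties PrimaryGroupID, adminCount
    $domainSid = (Get-ADDomain).DomainSID.Value
    # Enterprise Admins and Schema Admins live in the forest root domain.
    $rootSid   = (Get-ADDomain -Identity (Get-ADForest).RootDomain).DomainSID.Value

    # Well-known privileged groups, matched by SID so renamed groups are still caught.
    $privileged = @{
        "$domainSid-512" = 'Domain Admins'
        "$rootSid-518"   = 'Schema Admins'
        "$rootSid-519"   = 'Enterprise Admins'
        'S-1-5-32-544'   = 'Administrators'
        'S-1-5-32-548'   = 'Account Operators'
        'S-1-5-32-549'   = 'Server Operators'
        'S-1-5-32-550'   = 'Print Operators'
        'S-1-5-32-551'   = 'Backup Operators'
    }

    # LDAP_MATCHING_RULE_IN_CHAIN returns every group the user belongs to, including via nesting.
    # Assumes the DN contains no characters that need LDAP filter escaping: ( ) * \
    $filter = "(member:1.2.840.113556.1.4.1941:=$($user.DistinguishedName))"
    $groups = @(Get-ADGroup -LDAPFilter $filter)

    $findings = @()
    foreach ($g in $groups) {
        $sid = $g.SID.Value
        if ($privileged.ContainsKey($sid)) {
            $findings += "Member (direct or nested) of $($privileged[$sid])"
        }
    }
    # The primary group is not stored in 'member', so check its RID separately (513 = Domain Users).
    if ($user.PrimaryGroupID -ne 513) {
        $findings += "Primary group RID is $($user.PrimaryGroupID), expected 513 (Domain Users)"
    }
    if ($user.adminCount -eq 1) {
        $findings += 'adminCount=1: account is, or previously was, in a protected group'
    }

    [pscustomobject]@{ Account = $user.SamAccountName; Groups = $groups.Name
                       Findings = $findings; Pass = ($findings.Count -eq 0) }
}

Test-LdapBindAccountPrivilege -SamAccountName 'svc-tass-ldap'
```

A result with `Pass = True` and only ordinary groups listed is consistent with the default Domain Users permissions described in the table.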