SECURITY Administrators and Super Administrators
NAVIGATION Multiple steps with multiple paths
IMPORTANT This article is a supplement to the Active Directory Integration Guide. Only continue with this article after reading the Active Directory Integration Guide, and when you have a clear understanding of the integration functionality.
This article explains how to integrate with Active Directory using the "LDAP Direct" method.
The LDAP Direct Active Directory integration is a method that allows you to integrate Active Directory with your Workplace team. This mode eliminates the need for one or more machines within the domain running a Workplace integration agent to authenticate the users. Instead, Workplace uses the LDAPS protocol to query AD directly.
This connection method involves connecting directly to the target domain via the LDAPS protocol (LDAP over SSL/TLS).
While the integration is easier, faster and does not have the hardware requirements of the Integrate Active Directory: "On Prem" Method, it does require opening a port in your firewall to facilitate communication between your Active Directory and your Workplace account.
- Windows Server 2003 or later
- LDAPS (SSL/TLS) port open in the target domain (default 636)
- SSL/TLS certificate for the target domain.
NOTE For more information, see: https://support.microsoft.com/en-us/kb/321051
- An account in the domain which Workplace uses for authentication. These credentials are stored on the server. The account only needs “Read” permissions to the domain, so a standard user account can be used for this purpose.
It is strongly recommended the password policy in Active Directory for this user is set to "Password never expires"!
- Firewall configured to accept communication from the Workplace server outgoing IP address range, represented by the appropriate DNS names for your region. To identify your region, log in to Workplace Online. Once logged in, use the domain name shown in the browser's address bar to identify the corresponding DNS names that need to be allowed to connect to your AD server(s):
|Workplace Online domain|DNS names to allow|
|vip.soonr.com|mgt-sj.soonr.com, lvs.soonr.com|
|eu.soonr.com|mgt-dk.soonr.com, lvs-dk.soonr.com|
|ca.soonr.com|mgt-ca.soonr.com, lvs-ca.soonr.com|
|mp.soonr.com|mgt-mp.soonr.com, lvs-mp.soonr.com|
SECURITY Administrator credentials for a Workplace Team.
- Log in to Workplace Online using the administrator credentials for the team.
- Navigate to Configuration » Active Directory and select the LDAP Direct option.
NOTE If Active Directory is already enabled via any method, click on Configure.
- Complete the following fields:
|Field|Description|
|Authentication Domain|Enter the domain to be used to authenticate users.|
|Synchronization at|Specify at what hour of the day the synchronization will occur.|
|LDAP Search Path|Complete the LDAP search path. Multiple paths can be specified by clicking the ‘Add path’ button. The LDAP path must be specified as per the instructions in the Active Directory Integration Guide.|
|Default phone number prefix|This optional field allows a telephone prefix to be entered, which will automatically be applied to any phone number that does not start with ‘+’. In AD environments where prefixes have not been entered, this allows the prefix to be appended automatically upon import into Workplace. Entries in this field must be in the format ‘+XX’, where ‘XX’ is the desired country code.|
|Host Name|The IP address or hostname of the domain server.|
|Port|The port number for LDAPS (default is 636).|
- Click Test LDAP Connection to Active Directory.
- In the resulting window, enter your domain user name and your domain password, then click Test.
NOTE This will start a multi-stage test, showing green check marks if successful, or displaying an error message with an explanation if a failure occurs at any stage of the checks.
If the test fails, close the dialog box, correct the appropriate field and run the test again.
If the test completes successfully, you may click on 'Show server certificate' and verify the information is as expected.
- Click Save Certificate. The certificate will now be displayed and will show the status as Stored:
Clicking Get certificate from host will retrieve the current certificate from the host.
Clicking View more details will display detailed information about the certificate.
- Enter the domain username into the User Name field.
IMPORTANT Ensure you enter the username - not the email address!
- Click Set Password and enter the password associated with the username as per step 6.
NOTE Be aware this password will be stored securely in the Workplace service.
- Click Save Settings.
- Click Enable Active Directory.