Getting started
      Back to home
      1. Support
      2. Getting started

      Azure LDAP/AD Integration

      LDAPS is commonly employed in scenarios where secure authentication and directory services are required, such as in enterprise environments for managing user accounts, permissions, and other directory-related tasks.

      LDAPS stands for Lightweight Directory Access Protocol (LDAP) over Secure Socket Layer (SSL) or Transport Layer Security (TLS). LDAP is a protocol used for accessing and maintaining directory information services, which can include information about users, groups, and other resources in a network.

      When LDAPS is used, it means that the communication between the LDAP client (such as an application or server) and the LDAP server is secured using TLS. This adds a layer of encryption to the LDAP communication, ensuring that sensitive information exchanged between the client and server is protected from eavesdropping and tampering.

      LDAPS is commonly employed in scenarios where secure authentication and directory services are required, such as in enterprise environments for managing user accounts, permissions, and other directory-related tasks. It provides a more secure way to transmit sensitive directory information compared to regular, non-secured LDAP.

      5.1.2 Azure LDAP/AD Integration

      To configure Myota bucketZero Workspace navigate to Administration Settings > LDAP/AD integration from the menu. Configure using the following examples as required by your Service Provider.

      You must create the LDAPS services your Azure Portal when configuring the LDAP for bucketZero Workspace. Note* The UUID must match the ObjectID, this must be configured in your Azure Portal when using LDAPS.

      LDAP/AD Integration Server Tab > Add a server by selecting the + sign.

      Server

      Host

      • ldaps://ldaps.domain.com
        • Note* LDAPS requires a certificate, it is recommended that you consult your Certificate Authority (CA) or IT team for specific recommendations such as certificate lifespan and level of encryption.
      • Port 636
        • Note that you can attempt to auto-detect the server’s port, if Myota cannot detect this you must enter them manually.

      User DN

      Password

      • Apply the account password

      One Base DN per line

      • dc=domain,dc=com
        • Note that you can attempt to auto-detect the Base DN, if Myota cannot detect this you must enter them manually.

      LDAPS_Integration_Azure

      Users

      LDAPS_Users_Azure

      Edit LDAP Query

      • (|(memberof=cn= ADMINS,ou=Users,o=ID,dc=domain,dc=com))

      Expert

      The Myota bucketZero Workspace generates a UUID be default, to align this UUID to the expected values for the claims and objects you must override the UUID by selecting the Expert option and adding the value (userPrincipalName) to the Internal Username Attribute field as shown in the image.

      LDAPS_Expert_Azure

      Login Attributes

      LDAP Filter:

      (&(&(|(objectclass=person))(|(|(memberof=CN=Domain Users,OU=Admin Users,DC=domain,DC=com)(primaryGroupID=XXXX))))(|(samaccountname=%uid)(|(mailPrimaryAddress=%uid)(mail=%uid))))

      Login_Attributes_Azure

      Groups

      LDAP_Groups_Azure