Connect Aternity to your Active Directory (LDAP)

You can connect Aternity to your Microsoft Active Directory (AD), so that users defined in the AD can sign in to Aternity with their AD usernames. Those usernames and passwords are managed in the AD only. You can also add an LDAP group as Aternity users and assign roles to all members of that group at once, which saves you from managing each user separately.

When you connect Aternity to your LDAP directory, a user can sign in by selecting the name of the LDAP directory in the Domain field of the sign-in screen, and then entering their regular enterprise username and password.

Connect the enterprise LDAP directory to use network usernames and passwords

You can connect to more than one LDAP directory, or more than one search base within the same LDAP directory.

Procedure

  1. Open a browser and sign in to Aternity.
  2. Select the Gear Icon > Settings > Enterprise Environment Integration > Directory Service.
    Access the settings to connect to your enterprise LDAP directory
  3. Enter the connection information to access the enterprise LDAP directory server.
    Configure settings to connect to the LDAP directory server
    Field Description
    Name

    Enter the display name of the LDAP directory, as it should appear in the login screen of Aternity.

    URL

    Enter the address to connect to the LDAP directory server using a URL format (including the ldap:// protocol). For secure LDAP connections, enter ldaps://.

    Search Base

    Enter the part of the LDAP database tree which you want to expose to Aternity. For example, you can restrict to a domain within the tree: ou=name,dc=<domain_name>,dc=com.

    Server Requires Authentication

    Select if access to the LDAP database requires credentials.

    User name

    Enter the username required by the LDAP server to access the LDAP database.

    Password

    Enter the password required by the LDAP server to access the LDAP database.

    Authorize indirect group members

    Select to allow adding an LDAP group, so that all of its members can access Aternity with their network usernames and passwords, all with the same set of privileges.

    Without this setting, you can only add individual LDAP users to log in with their network usernames and passwords.

    User name attribute

    Enter the LDAP field name which represents the login username.

    First name attribute

    Enter the LDAP field name which represents a user's first name.

    This is only used to display the user entry in the list of Aternity users.

    Last name attribute

    Enter the LDAP field name which represents a user's last name.

    This is only used to display the user entry in the list of Aternity users.

    Department attribute

    Enter the LDAP field name which represents a user's department in your organization.

    This is only used to display the user entry in the list of Aternity users.

    Description attribute

    Enter the LDAP field name which represents the description field of a user.

    This is only used to display the user entry in the list of Aternity users.

  4. Select Test Configuration to test the connection with the LDAP directory, verifying that Aternity can access it with the address, credentials, and search base which you entered.
  5. Select Apply.
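
A pre-flight check of the values entered in step 3, as an added example that is not part of the Aternity product or its documentation. It flags an unencrypted ldap:// URL, a search base that exposes the whole domain, and missing bind credentials; the function names, hosts, OU, account, and attribute values are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

def split_dn(dn):
    """Split a DN into (attribute, value) pairs; backslash-escaped commas stay in the value."""
    pairs = []
    for rdn in (p.strip() for p in re.split(r"(?<!\\),", dn)):
        if not rdn:
            continue
        attr, sep, value = rdn.partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"malformed component {rdn!r}")
        pairs.append((attr.strip().lower(), value.strip()))
    return pairs

def lint_directory_settings(cfg):
    """Return (severity, field, message) findings for one Directory Service entry."""
    out = []
    url = urlsplit(cfg.get("URL", ""))
    if url.scheme not in ("ldap", "ldaps") or not url.hostname:
        out.append(("error", "URL", "expected ldap://host or ldaps://host"))
    elif url.scheme == "ldap":
        out.append(("warn", "URL", "ldap:// is not encrypted; use ldaps://"))
    try:
        pairs = split_dn(cfg.get("Search Base", ""))
        if not pairs:
            out.append(("error", "Search Base", "empty"))
        elif all(attr == "dc" for attr, _ in pairs):
            out.append(("warn", "Search Base", "domain root exposes the whole tree; narrow it to an OU"))
    except ValueError as exc:
        out.append(("error", "Search Base", str(exc)))
    if cfg.get("Server Requires Authentication"):
        for field in ("User name", "Password"):
            if not cfg.get(field):
                out.append(("error", field, "required when authentication is selected"))
    if not cfg.get("User name attribute"):
        out.append(("error", "User name attribute", "required to map the login username"))
    return out

# Constructed sample entries (hosts, OU, account and attribute values are assumptions).
WEAK = {"Name": "CORP", "URL": "ldap://dc01.example.com", "Search Base": "dc=example,dc=com",
        "Server Requires Authentication": True, "User name": "svc-aternity", "Password": "",
        "User name attribute": "sAMAccountName"}
HARDENED = {**WEAK, "URL": "ldaps://dc01.example.com:636", "Password": "placeholder-not-a-real-secret",
            "Search Base": "ou=AternityUsers,dc=example,dc=com"}

if __name__ == "__main__":
    for name, cfg in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, lint_directory_settings(cfg) or "no findings")
```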