Active Directory / LDAP
Configure Single Sign-On (SSO) with Active Directory and LDAP to enable seamless authentication for your ept AI users using their existing directory credentials.
Overview
The Active Directory / LDAP SSO integration enables your ept AI users to:
- Sign in using their existing Active Directory or LDAP credentials
- Access ept AI without creating separate accounts
- Benefit from directory-based security and group management
- Use existing directory group memberships and policies
This integration supports both Active Directory and generic LDAP directory services, providing flexibility for different organizational structures.
Prerequisites
Before setting up the Active Directory / LDAP SSO integration, ensure you have:
- Directory Service: Active Directory or LDAP server configured
- Admin Access: Directory administrator access
- ept AI Setup: Your ept AI instance configured and ready
- Network Access: Ability to reach the directory server from ept AI
Setup Instructions
Step 1: Configure Directory Connection
- Configure LDAP Settings:
  - LDAP Server: ldap://your-domain-controller.domain.com:389
  - LDAPS Server: ldaps://your-domain-controller.domain.com:636 (recommended)
  - Base DN: DC=yourdomain,DC=com
  - Bind DN: CN=ServiceAccount,OU=ServiceAccounts,DC=yourdomain,DC=com
- Configure Authentication:
  - Authentication Method: Simple or SASL
  - Service Account: Dedicated service account for ept AI
  - Password: Service account password
Step 2: Configure User Search
- User Search Base:
  - Search Base: OU=Users,DC=yourdomain,DC=com
  - Search Filter: (&(objectClass=user)(sAMAccountName={username}))
  - Username Attribute: sAMAccountName
- Attribute Mapping: Map directory attributes to ept AI user properties:
  - sAMAccountName -> username
  - mail -> email
  - givenName -> firstName
  - sn -> lastName
  - memberOf -> groups
Step 3: Configure Group Search
- Group Search Settings:
  - Search Base: OU=Groups,DC=yourdomain,DC=com
  - Search Filter: (&(objectClass=group)(member={userDN}))
  - Group Attribute: cn
- Group Mapping: Configure how directory groups map to ept AI roles:
  - CN=ept-ai-admins,OU=Groups,DC=yourdomain,DC=com -> Admin
  - CN=ept-ai-users,OU=Groups,DC=yourdomain,DC=com -> User
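The search filters in Steps 2 and 3 substitute a login name and a user DN into a filter string, so any character that has meaning in filter syntax must be escaped (RFC 4515) before substitution. The sketch below is an added example, not ept AI's own code; the function names are assumptions and the sample inputs are constructed.

```python
# Added example: safe substitution into the page's search filter templates.
# RFC 4515 requires these characters to be written as \XX hex inside a value.
_FILTER_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}

USER_FILTER = "(&(objectClass=user)(sAMAccountName={username}))"  # Step 2
GROUP_FILTER = "(&(objectClass=group)(member={userDN}))"          # Step 3


def escape_filter_value(value: str) -> str:
    """Escape a string for use as an assertion value in an LDAP filter."""
    # Per-character mapping, so an input backslash is escaped exactly once.
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_user_filter(username: str) -> str:
    """Place an untrusted login name into the user search filter."""
    if not username:
        # An empty value would produce a filter that matches no single user.
        raise ValueError("username must not be empty")
    return USER_FILTER.format(username=escape_filter_value(username))


def build_group_filter(user_dn: str) -> str:
    """Place the DN returned by the user search into the group filter."""
    # DNs can legitimately contain parentheses or backslash escapes,
    # which would otherwise produce a malformed or altered filter.
    return GROUP_FILTER.format(userDN=escape_filter_value(user_dn))


if __name__ == "__main__":
    # Constructed sample inputs.
    print(build_user_filter("jdoe"))
    print(build_user_filter("*"))  # wildcard is matched literally, not expanded
    print(build_group_filter(
        "CN=Jane Doe (Contractor),OU=Users,DC=yourdomain,DC=com"))
```

With escaping in place, a login name of `*` is searched for as a literal asterisk instead of matching every account under the search base.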
Step 4: Configure ept AI for Directory SSO
- Access SSO Settings:
  - Log into your ept AI admin dashboard
  - Navigate to Configuration > Users > SSO Settings
  - Click "Configure SSO"
  - Select "Active Directory / LDAP" as the SSO provider
- Configure Directory Settings:
  SSO Provider: Active Directory / LDAP
  LDAP Server: ldaps://your-domain-controller.domain.com:636
  Base DN: DC=yourdomain,DC=com
  Bind DN: CN=ServiceAccount,OU=ServiceAccounts,DC=yourdomain,DC=com
Configuration Options
Authentication Settings
- LDAP/LDAPS: Support for both LDAP and secure LDAPS
- Authentication Methods: Simple, SASL, or Kerberos
- Connection Pooling: Optimize directory connection performance
- Session Management: Configure session timeouts and renewal
User Provisioning
- Just-in-Time (JIT): Automatically create users on first sign-in
- Attribute Mapping: Map directory attributes to ept AI user properties
- Group Synchronization: Sync directory groups to ept AI roles
- User Updates: Automatically update user information from directory
Security Settings
- Encryption: Use LDAPS for secure communication
- Certificate Validation: Validate directory server certificates
- Access Control: Configure IP restrictions and access policies
- Audit Logging: Log all directory authentication events
Use Cases
Enterprise Authentication
- Centralized Identity: Use existing directory accounts for ept AI access
- Security Compliance: Meet enterprise security and compliance requirements
- User Management: Leverage the directory's user lifecycle management
- Access Control: Use directory group policies for access control
On-Premises Integration
- Hybrid Environments: Support organizations with on-premises directories
- Existing Infrastructure: Leverage existing directory investments
- Group Management: Use existing directory group structures
- Policy Enforcement: Apply existing directory policies
Best Practices
Security Configuration
- LDAPS: Always use LDAPS for secure communication
- Service Account: Use a dedicated service account with minimal privileges
- Access Policies: Configure appropriate access policies in directory
- Audit Monitoring: Monitor directory authentication logs regularly
Integration Management
- Testing: Regularly test the directory integration
- Documentation: Maintain up-to-date configuration documentation
- Monitoring: Monitor integration health and performance
- Updates: Keep both directory and ept AI updated
Troubleshooting
Common Issues
Authentication Failures:
- Verify directory server is accessible
- Check service account credentials
- Verify search base and filter configuration
- Review directory server logs
User Provisioning Issues:
- Check attribute mapping configuration
- Verify user attributes exist in directory
- Review user creation and update rules
- Check group synchronization settings
Connection Issues:
- Verify network connectivity to directory server
- Check LDAP/LDAPS port configuration
- Review firewall and security settings
- Test directory connection manually
Getting Help
- Active Directory Documentation: Active Directory Configuration
- LDAP Testing: Use LDAP browser tools for testing
- Support: Contact support@ept.ai for integration assistance
Related Resources
- Users - Manage user access and permissions
- ADFS Integration - ADFS-based SSO option
- Azure AD Integration - Cloud-based alternative