Applies to: Kyvos Enterprise, Kyvos Cloud (SaaS on AWS), Kyvos AWS Marketplace
You can import LDAP users from your organization into the Kyvos Manager repository using one of the following directory types:
Microsoft Active Directory
Open DS
Azure Active Directory
To import LDAP users, perform the following steps:
On the navigation pane, click Kyvos Manager Settings > LDAP.
The LDAP page is displayed, as shown in the following figure.
Select the LDAP Enabled checkbox.
To retrieve LDAP configurations from an existing cluster, select the Cluster Name and LDAP Alias from the corresponding lists.
Enter details in the displayed fields as follows:
Note: The details for Microsoft Active Directory and Open DS will remain the same.
Microsoft Open Directory
Parameter/Field | Comments/Description |
---|---|
Directory Type | Select the directory type from the list. |
Username Attribute | Specify the username attribute for the account that will be used in the Kyvos Manager application. |
Host Name | Enter the hostname or IP address of the authentication directory server. |
Port | Enter the port on which the directory server is listening. |
User DN | Enter the unique name for the user that the application will use when connecting to the directory server. For example, cn=user,dc=domain,dc=name for user@domain.name. |
Password | Enter the password for the user. NOTE: If not specified, the last provided password will be used. To change, enter a new password. |
Use Secure Layer | Select this check box if SSL is configured. You will have to upload the SSL certificate for this. |
SSL Certificate | Upload the SSL certificate file for use with the authentication directory. |
Base DN | Enter the name that the application will use when connecting to the directory server. If you are searching for users in the Admin department of example.com, then the Base DN would be dc=example,dc=com, and the User DN would be cn=admin,dc=example,dc=com. If you have a group within the admin called ITadmin, then the User DN would be cn=admin,ou=ITadmin,dc=example,dc=com. |
Additional Group DN | Enter the additional group DN details (if any). |
Additional User DN | Enter the additional user DN details (if any). |
Group Filter | Enter the details of group filters (if any). |
User Filter | Enter the details of user filters (if any). |
Show sync and timeout settings | Click to specify the sync and timeout settings. Import Users As: Select the default role for all users being imported from the LDAP. Read Timeout: Specify the timeout interval (in seconds) for reading data from LDAP. Search Timeout: Specify the timeout interval (in seconds) for searching new data from LDAP. Connection Timeout: Specify the timeout interval (in seconds) for connecting to the LDAP directory. Custom Attributes: If needed, add custom attributes for users being imported from LDAP. |
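The Base DN description above fixes where in the directory tree the search starts. The following added example (not part of the Kyvos documentation or product code) checks whether an entry's DN falls inside a given Base DN, using the DNs from the table. It assumes single-valued RDNs and case-insensitive matching, which holds for cn, ou and dc.

```python
# Added example, not Kyvos code: test whether a DN lies inside a search base.
# Assumptions: single-valued RDNs (no "+"), case-insensitive attribute values.

def split_rdns(dn: str) -> list[str]:
    """Split a DN into RDNs on unescaped commas (RFC 4514 backslash escapes)."""
    rdns, current, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            current.append(dn[i:i + 2])  # keep the escape pair intact
            i += 2
            continue
        if ch == ",":
            rdns.append("".join(current))
            current = []
        else:
            current.append(ch)
        i += 1
    rdns.append("".join(current))
    return rdns


def normalize(dn: str) -> list[tuple[str, str]]:
    """Return [(attribute, value), ...] lowercased and trimmed for comparison."""
    pairs = []
    for rdn in split_rdns(dn):
        attr, sep, value = rdn.partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"malformed RDN: {rdn!r}")
        pairs.append((attr.strip().lower(), value.strip().lower()))
    return pairs


def is_within_base(entry_dn: str, base_dn: str) -> bool:
    """True when entry_dn equals base_dn or sits below it in the tree."""
    entry, base = normalize(entry_dn), normalize(base_dn)
    return len(entry) >= len(base) and entry[len(entry) - len(base):] == base


if __name__ == "__main__":
    base = "dc=example,dc=com"  # Base DN from the table
    for dn in ("cn=admin,ou=ITadmin,dc=example,dc=com",  # from the table
               "cn=admin,dc=example,dc=org",             # constructed: other tree
               "cn=a\\,dc=example,dc=com"):              # constructed: escaped comma
        print(f"{dn!r:45} within base: {is_within_base(dn, base)}")
```

The third sample shows why the comparison is done on parsed RDNs: a plain string suffix test would accept it, although its parent is dc=com and not the Base DN.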
Azure Active Directory
Parameter/Field | Comments/Description |
---|---|
Directory Type | Select the Azure Active Directory type from the list. |
Username Attribute | Specify the username attribute for the account that will be used in the Kyvos Manager application. |
Client ID | Enter the application ID that is created in Azure Active Directory (Microsoft Entra). |
Secret ID | Enter the secret ID to access the configured application that is created in Azure Active Directory (Microsoft Entra). NOTE: If not specified, the last provided Secret ID will be used. To change, enter a new secret ID. |
Tenant ID | Enter the tenant ID in which your application is created. |
Scope | Enter the scope URL to get the specific permissions for the users. NOTE: The .default scope is used to refer generically to a resource service (API) in a request, without identifying specific permissions. For more information, refer to Microsoft documentation. |
Group Filter | Enter the details of group filters (if any). |
User Filter | Enter the details of user filters (if any). |
Show sync and timeout settings | Click to specify the sync and timeout settings. Users Group Sync Level: Specify the sync level for the user group from the following. Bootup: The system searches for changes at every bootup and syncs the users with the LDAP directory. Incremental: The system searches for changes whenever new data comes in and syncs the users with the LDAP directory. Never: The system does not sync user information from the LDAP directory. Group Import Type: Select the default role for all users being imported from the LDAP. Timeout: Specify the timeout interval (in seconds) for reading data from LDAP. Connection Timeout: Specify the timeout interval (in seconds) for connecting to the LDAP directory. Custom Attributes: If needed, add custom attributes for users being imported from LDAP. |
Click the Validate button to authenticate and verify the LDAP configurations.