Applies to: Kyvos Enterprise, Kyvos Cloud (SaaS on AWS), Kyvos AWS Marketplace, Kyvos Azure Marketplace, Kyvos GCP Marketplace, Kyvos Single Node Installation (Kyvos SNI)

...

You can configure LDAP Authentication on your Kyvos cluster through Kyvos Manager.

  1. For this, click the cluster name > Security > Kyvos Authentication on the navigation pane.

  2. Select the Authentication Type as Remote Authentication.

  3. From the Authentication System, select the LDAP option.

...

  2. See details according to your Directory Type.

Azure Active Directory

Enter details as:

| Settings | Parameter/Field | Comments/Description |
|---|---|---|
| Basic Settings | Alias | Specify a unique alias name for the LDAP account. |
| Basic Settings | Directory Type | Select the Azure Active Directory option from the list. |
| Basic Settings | Client ID | Enter the Client ID for the Azure AD. It is the unique identifier for your registered Azure AD application. Enter the value of the Application (client) ID for the app you registered in Azure AD. |
| Basic Settings | Secret ID | Enter the Client Secret. The client secret is created while registering your application to Azure AD. |
| Schema Settings | Tenant ID | Enter the Tenant ID, which is the ID of the Azure Active Directory in which you created the application. To find your Tenant ID, click Azure Active Directory > Properties > Directory ID in the Azure portal. An AAD tenant is required for defining an application and for assigning permissions so the application can make use of other Azure services' REST APIs. |
| Schema Settings | Scope | The scope defines the resource access permissions. The default value is /.default. |
| Schema Settings | Group Filter | Enter the details of group filters (if any). Example for Azure AD: displayName eq 'Platform' or displayName eq 'RS' |
| Schema Settings | User Filter | Enter the details of user filters (if any). Example for Azure AD: memberofgroups(displayName eq 'Platform' or displayName eq 'RS') |
| Advanced Settings | Import Users As | Select the user role from the list. |
| Advanced Settings | Group Import Type | Select the Default or Flat option. The Flat option allows importing of nested groups from Azure AD, such that all the members of the nested groups can be mapped to the parent group configured in Kyvos without importing the groups. |
| Advanced Settings | User Group Sync Level | Select the user sync level. |
| Advanced Settings | Timeout | Enter the search timeout interval in seconds. |
| Advanced Settings | Connection Timeout | Enter the connection timeout interval in seconds. |

Microsoft Active Directory

Enter details as:

| Settings | Parameter/Field | Comments/Description |
|---|---|---|
| Basic Settings | Alias | Specify a unique alias name for the LDAP account. |
| Basic Settings | Referral Mode | Select the mode for the service providers to indicate how to handle referrals. Ignore: Ignore referrals. Follow: Automatically follow any referrals. Throw: Throw a Referral Exception error for each referral. |
| Basic Settings | Directory Type | Select the Microsoft Active Directory option from the list. |
| Basic Settings | Host Name | Enter the hostname or IP address of the authentication directory server. |
| Basic Settings | Use SSL | Select this check box if SSL is configured. You will have to upload the SSL certificate for this. |
| Basic Settings | SSL Certificate | Upload the SSL certificate file for use with the authentication directory. |
| Basic Settings | Port | Enter the port on which the directory server is listening. |
| Basic Settings | User DN | Enter a unique name for the user that the application will use when connecting to the directory server. For example, cn=user,dc=domain,dc=name for user@domain.name. |
| Basic Settings | Password | Enter the password for the user. |
| Schema Settings | Base DN | Enter the name that the application will use when connecting to the directory server. If you are searching for users in the Admin department of example.com, then the Base DN would be dc=example,dc=com, and the User DN would be cn=admin,dc=example,dc=com. If you have a group called ITadmin within admin, then the User DN would be cn=admin,ou=ITadmin,dc=example,dc=com. |
| Schema Settings | Additional Group DN | Enter the additional group DN details (if any). |
| Schema Settings | Additional User DN | Enter the additional user DN details (if any). |
| Schema Settings | Group Filter | Enter the details of group filters (if any). Example for LDAP: (&(objectCategory=Group)(cn=SUPPORT)) |
| Schema Settings | User Filter | Enter the details of user filters (if any). Example for LDAP: (memberOf=CN=SUPPORT,CN=Users,DC=kyvostest,DC=com) |
| Advanced Settings | Import Users As | Select the user role from the list. |
| Advanced Settings | User Group Sync Level | Select the user sync level. |
| Advanced Settings | Read Timeout | Enter the read timeout interval in seconds. |
| Advanced Settings | Search Timeout | Enter the search timeout interval in seconds. |
| Advanced Settings | Connection Timeout | Enter the connection timeout interval in seconds. |
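
The Group Filter and User Filter fields take raw LDAP filter strings, and a malformed or unescaped filter can match a different set of accounts than intended. The Python code below is an added example, not Kyvos code: it lints a filter against a simplified RFC 4515 grammar (catching a redundant pair of parentheses or a stray space after "=") and builds the two filter shapes used in this section with values escaped. The function names and the sample group names are hypothetical.

```python
# Added example, not Kyvos code: lint an LDAP filter before saving it.
ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

def escape_value(value):
    """Escape the characters RFC 4515 reserves inside an assertion value."""
    return "".join(ESCAPES.get(ch, ch) for ch in value)

def parse_filter(text, pos=0):
    """Parse one filter at text[pos]; return the offset just past it."""
    if text[pos:pos + 1] != "(":
        raise ValueError(f"expected '(' at offset {pos}")
    pos += 1
    if text[pos:pos + 1] in ("&", "|", "!"):
        op, pos, operands = text[pos], pos + 1, 0
        while text[pos:pos + 1] == "(":
            pos, operands = parse_filter(text, pos), operands + 1
        if operands == 0 or (op == "!" and operands != 1):
            raise ValueError(f"operator {op!r} has {operands} operand(s)")
    else:
        end = pos
        while end < len(text) and text[end] not in "()":
            end += 1
        attr, sep, value = text[pos:end].partition("=")
        if not sep or not attr.rstrip("<>~:"):
            raise ValueError(f"no attribute=value item at offset {pos}")
        # Legal per RFC 4515 but almost always a paste error, so flag it.
        if attr != attr.strip() or value != value.strip():
            raise ValueError(f"stray whitespace around '=' at offset {pos}")
        pos = end
    if text[pos:pos + 1] != ")":
        raise ValueError(f"expected ')' at offset {pos}")
    return pos + 1

def check_filter(text):
    """Return None when the filter is well formed, else the problem found."""
    try:
        end = parse_filter(text)
    except ValueError as exc:
        return str(exc)
    return None if end == len(text) else f"trailing text at offset {end}"

def group_filter(names):  # Group Filter matching any of the given group CNs
    items = "".join(f"(cn={escape_value(n)})" for n in names)
    return f"(&(objectCategory=Group)(|{items}))"

def user_filter(group_dn):  # User Filter for members of one group DN
    return f"(memberOf={escape_value(group_dn)})"

if __name__ == "__main__":  # constructed sample group names
    print(group_filter(["SUPPORT", "R&D (EU)"]), check_filter("(cn= SUPPORT)"))
```
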

Open DS

| Settings | Parameter/Field | Comments/Description |
|---|---|---|
| Basic Settings | Alias | Specify a unique alias name for the LDAP account. |
| Basic Settings | Referral Mode | Select the mode for the service providers to indicate how to handle referrals. Ignore: Ignore referrals. Follow: Automatically follow any referrals. Throw: Throw a Referral Exception error for each referral. |
| Basic Settings | Directory Type | Select the Open DS option from the list. |
| Basic Settings | Host Name | Enter the hostname or IP address of the authentication directory server. |
| Basic Settings | Use SSL | Select this check box if SSL is configured. You will have to upload the SSL certificate for this. |
| Basic Settings | SSL Certificate | Upload the SSL certificate file for use with the authentication directory. |
| Basic Settings | Port | Enter the port on which the directory server is listening. |
| Basic Settings | User DN | Enter a unique name for the user that the application will use when connecting to the directory server. For example, cn=user,dc=domain,dc=name for user@domain.name. |
| Basic Settings | Password | Enter the password for the user. |
| Schema Settings | Base DN | Enter the name that the application will use when connecting to the directory server. If you are searching for users in the Admin department of example.com, then the Base DN would be dc=example,dc=com, and the User DN would be cn=admin,dc=example,dc=com. If you have a group called ITadmin within admin, then the User DN would be cn=admin,ou=ITadmin,dc=example,dc=com. |
| Schema Settings | Additional Group DN | Enter the additional group DN details (if any). |
| Schema Settings | Additional User DN | Enter the additional user DN details (if any). |
| Schema Settings | Group Filter | Enter the details of group filters (if any). |
| Schema Settings | User Filter | Enter the details of user filters (if any). |
| Advanced Settings | Import Users As | Select the user role from the list. |
| Advanced Settings | User Group Sync Level | Select the user sync level. |
| Advanced Settings | Read Timeout | Enter the read timeout interval in seconds. |
| Advanced Settings | Search Timeout | Enter the search timeout interval in seconds. |
| Advanced Settings | Connection Timeout | Enter the connection timeout interval in seconds. |

If you have selected LDAP, you can define Custom Attributes per your requirement.

  1. You can also define multiple LDAP accounts. For this, click on the left. As shown, you can also duplicate an existing LDAP configuration using the Duplicate option.

...

  2. A new configuration with the name <LDAP>_1 is created. Edit the configuration as required, and click the Save button to save your changes.

  3. Click the Validate button to authenticate and verify the LDAP configurations. For multiple LDAP accounts, you can also use the Validate All button from the three-dots menu to validate all the LDAP accounts at once.