Lightweight Directory Access Protocol (LDAP) is a core authentication protocol designed for directory services. Traditionally, LDAP has served as a database for storing information involving user identities like:
LDAP continues to play a key role in identity and access management (IAM). Modern security enhancements ensure that data is encrypted during transit, and insecure authentication methods vulnerable to interception are blocked.
Active Directory Federation Services (AD FS) provides single sign-on capabilities to organizations that use AD Directory Services (AD DS). It allows users with an Active Directory account to use that account with applications outside the boundaries of their Active Directory, or with applications that don't rely on Active Directory accounts for authentication at all, such as DDI Central.
By creating a federation (the sharing of identity information), the user can be authenticated via their company's Active Directory and then authenticated to DDI Central with a claim. All a DDI Central admin has to do is configure DDI Central to trust the incoming claims.
During an LDAP authentication process, the credentials the user enters via DDI Central are compared to the entries stored within the LDAP directory database. If they match, the user is authenticated and granted access to DDI Central.
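An application that authenticates users against LDAP typically locates the user's entry and then binds as it with the submitted password. The following added example is not DDI Central's code; it shows the client-side checks a defender would want in front of that bind: encrypted transport, rejection of empty passwords, and escaping of the username in the search filter. The function names, the `sAMAccountName` filter and the sample host names are assumptions made for illustration.

```python
from urllib.parse import urlparse

# RFC 4515 section 3: these characters must be escaped inside a filter value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape user input before it is placed in an LDAP search filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def transport_is_encrypted(server_url: str, start_tls: bool = False) -> bool:
    """True if the bind password would travel over TLS (LDAPS or StartTLS)."""
    scheme = urlparse(server_url).scheme.lower()
    if scheme == "ldaps":
        return True
    return scheme == "ldap" and start_tls


def prepare_login(server_url, start_tls, base_dn, username, password):
    """Validate a login attempt and return (search_base, search_filter).

    Raises ValueError when the attempt must not be sent to the directory.
    """
    if not transport_is_encrypted(server_url, start_tls):
        raise ValueError("refusing simple bind over cleartext LDAP")
    # RFC 4513 section 5.1.2: a bind with a name and an empty password is an
    # "unauthenticated bind"; a server may answer it with success, so the
    # client must never forward an empty password as a login attempt.
    if not password:
        raise ValueError("empty password rejected")
    if not username.strip():
        raise ValueError("empty username rejected")
    # Hypothetical filter for an Active Directory style directory.
    user_filter = f"(&(objectClass=person)(sAMAccountName={escape_filter_value(username)}))"
    return base_dn, user_filter


if __name__ == "__main__":
    # Constructed sample values; no network connection is made.
    print(prepare_login("ldaps://dc.example.test:636", False,
                        "dc=example,dc=test", "j.doe", "correct horse"))
```

The returned base and filter would be passed to the LDAP client library's search call, and the bind itself is then attempted with the DN of the single entry found.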
Active Directory Lightweight Directory Services (AD LDS) is an LDAP-based directory service similar to AD DS.
It’s designed to be used with directory-enabled applications, and it’s especially handy for an organization that may want to establish a directory of user accounts, but keep that directory separate from the organization’s AD DS infrastructure. It can be used as an identity provider with AD FS for both authentication and the generation of claims to web applications like DDI Central that can be configured to understand federation by following the steps below.
Go to the Settings module and select the Auth menu. On the Auth page, navigate to the LDAP tab and click the Configure LDAP button.
On the Configure LDAP window that appears, follow the steps below for setting up LDAP (Lightweight Directory Access Protocol) within DDI Central.
Click Save to activate the LDAP configuration settings after all required fields have been filled in.
These configurations enable DDI Central to authenticate users against the specified LDAP server with the chosen level of security, making it effortless for you to use centralized directory services like Active Directory Federation Services (AD FS) for your distributed Microsoft network infrastructure.
Info: You can also add an extra layer of security to user accounts by coupling LDAP credentials with time-sensitive codes from any TOTP-enabled authenticator.