LDAP Authentication
VOSS Automate supports LDAP authentication, which can be used either standalone (LDAP authentication only) or in conjunction with LDAP syncing of users:
LDAP sync and authentication
LDAP authentication-only (standalone)
Note
VOSS Automate provides LDAP server support for case-insensitive search base DNs. For example, on an LDAP server, the following search base DNs are equal:
CN=Users,DC=example,DC=com
cn=Users,dc=example,dc=com
LDAP authentication workflow
User provides their credentials in the VOSS Automate system Login page.
Authentication request is sent to the relevant LDAP server(s), based on the user’s authentication setup:
Default authentication setup
Matching username and password
VOSS Automate username and password must match the username and password in the LDAP server (based on the LDAP field chosen for username).
Once authenticated, the LDAP username is mapped to VOSS Automate user to determine access, role, and so on.
Alternative authentication setup
Non-matching username and password
VOSS Automate supports authentication for mapping non-matching usernames. This is useful where the username in VOSS Automate and the UC apps is different from the username in LDAP. For example, if the LDAP username is bobsmith but the username in VOSS Automate is bsmith, then choose LDAP as the authentication type and set the LDAP username (bobsmith in this case) to match the username of bsmith in VOSS Automate. You would do this via the LDAP authentication attribute, such as sAMAccountName, mail, or userPrincipalName, which defines the field that the username is sourced from and that is used to authenticate the user.
Note
For LDAP authentication, the password rules of the VOSS Automate credential policy don’t apply as the password is managed in the LDAP directory. Other credential policy rules are applied (such as session length), as these are managed in VOSS Automate.
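The following is an added example, not VOSS Automate code: it sketches how the default and alternative setups above resolve a login name to an LDAP search filter, and how two search base DNs can be compared case-insensitively as in the earlier note. The record layout, the function names and the sample users are assumptions made for illustration.

```python
# Added illustration with constructed data; not VOSS Automate code.
# RFC 4515: characters that must be escaped inside a search filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
# Authentication attributes named on this page.
ALLOWED_ATTRIBUTES = {"sAMAccountName", "mail", "userPrincipalName"}

def escape_filter_value(value):
    """Escape a username so it cannot change the structure of the filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def normalize_dn(dn):
    """Simplified normalization: trim and lower-case each RDN.
    Assumes no escaped commas or multi-valued RDNs in the search base."""
    parts = []
    for rdn in dn.split(","):
        attr, _, value = rdn.partition("=")
        parts.append(attr.strip().lower() + "=" + value.strip().lower())
    return ",".join(parts)

def same_search_base(a, b):
    return normalize_dn(a) == normalize_dn(b)

# Hypothetical local user records (constructed sample data).
LOCAL_USERS = {
    # Alternative setup: local username differs from the LDAP username.
    "bsmith": {"auth_type": "LDAP", "ldap_username": "bobsmith",
               "auth_attribute": "sAMAccountName"},
    # Default setup: no override, the typed username is used as-is.
    "jdoe@example.com": {"auth_type": "LDAP", "ldap_username": None,
                         "auth_attribute": "mail"},
}

def build_ldap_filter(login_name, password):
    """Return the search filter for the bind lookup, or None to refuse."""
    user = LOCAL_USERS.get(login_name)
    if user is None or user["auth_type"] != "LDAP":
        return None
    if user["auth_attribute"] not in ALLOWED_ATTRIBUTES:
        return None
    if not password:
        # A simple bind with an empty password is an unauthenticated bind
        # (RFC 4513, section 5.1.2) and must never count as a login.
        return None
    ldap_name = user["ldap_username"] or login_name
    return "(%s=%s)" % (user["auth_attribute"], escape_filter_value(ldap_name))

if __name__ == "__main__":
    print(build_ldap_filter("bsmith", "s3cret"))
    print(same_search_base("CN=Users,DC=example,DC=com", "cn=Users,dc=example,dc=com"))
```

The filter only locates the directory entry; the password check itself is the subsequent bind against the LDAP server, which is why the local password rules do not apply.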