Introduction to SysAid LDAP integration
This page allows you to integrate SysAid with your LDAP (Lightweight Directory Access Protocol). Integration with your LDAP provides the following benefits:
- Import all users and user groups into SysAid automatically to save time and prevent mistakes that could occur from duplicating your data.
- Authenticate SysAid users through your LDAP. This means that your users have the same password for SysAid as they do for their computers, and all login attempts are recorded centrally in your LDAP.
- When using Active Directory as your LDAP, enable Single sign on so that your users are automatically logged into SysAid the moment they log into their computers.
- When using Active Directory as your LDAP, enable the Password Services module to reset LDAP passwords and unlock LDAP accounts using SysAid.
If you are using an On Premise edition of SysAid, click here for relevant LDAP integration help.
By enabling Single Sign-On, users are automatically signed into SysAid when they sign into their computers. You can enable Single Sign-On after configuring LDAP integration if you are using Microsoft Active Directory. Please view our SSO Guide for instructions for configuring Single Sign-On.
Important changes once LDAP is enabled
- For users imported from LDAP, you must make any password changes directly in your LDAP.
- SysAid authenticates all login attempts against your LDAP. All records of these attempts are stored in your LDAP logs.
- Any time you want to make changes to user details, it's recommended to make the changes in LDAP and then refresh your users in SysAid from your LDAP. You can do this from Settings > User Management > Administrators/End Users using the Refresh from LDAP button. Alternatively, you can schedule an LDAP refresh which pulls the information into SysAid automatically.
- Any users that you delete in SysAid but not in your LDAP, are automatically recreated when you refresh from LDAP. To avoid the recreation of users you no longer need, disable these users in SysAid rather than deleting them.
LDAP integration and licensing
SysAid allows you to import all of your LDAP users into SysAid even if this puts you over your license limit for end users. However, if you do exceed your limit, SysAid automatically disables as many users as necessary to put you under your limit. These users are disabled at random. For this reason, it's generally preferable to only import as many users as you have licenses.
View your LDAP structure for manual LDAP integration
To verify that your LDAP attributes fit the integration, you can connect to your LDAP directory with any LDAP browser. We recommend the LDAP browser, which is available at http://www.sysaid.com/down/ldapbrowser.zip.
- Login to your LDAP with this tool by entering the LDAP hostname/IP and port.
- Click Fetch Dns.
- From the drop-down list, choose the appropriate Dns.
- Clear the Anonymous Bind check box.
- Enter your LDAP username and password. You may need to fill in the username in its defined name form.
- Connect to the LDAP.
- Verify that the OUs you are looking for are displayed.
- If the OUs are not there, go back to the DN selection and choose a different DN from the list. Repeat this process until you find the DN that shows the correct OUs.
- After you have successfully logged into your LDAP, manually copy the LDAP structure into the LDAP integration form.
You may schedule an LDAP refresh to automatically import changes in LDAP into SysAid (e.g. new users). Enter a start time, and choose how often the refresh will repeat. The refresh runs at the time of day listed in the start time, so make sure you choose a time where all applicable servers are available and where there is minimum traffic to your SysAid server.
Complete LDAP integration
Check the Enable LDAP integration box at the top of the page, and click Save.
After completing the LDAP integration settings, go to Tools > User Management > End Users and click .
Once the LDAP import is completed, refresh the list to verify that the users were successfully imported.
The LDAP list displays all of your LDAP integrations with their relevant fields.
For general instructions for using list pages in SysAid, see Using SysAid Lists.
Create a new LDAP integration
To create an LDAP integration, click .
Edit an LDAP integration
To view or edit an existing an LDAP integration, click its row in the list to open the LDAP Integration form.
Delete an LDAP integration
To delete LDAP integrations
- Select the check boxes corresponding to the LDAP integrations you want to delete.
- Click Delete.
- When prompted, click Delete.