LDAP Integration List

 
Author
Message
SysAid Technical Writer
923
 

Settings

Integration

LDAP Integration

 

Introduction to SysAid LDAP integration

 

This page allows you to integrate SysAid with your LDAP (Lightweight Directory Access Protocol). Integration with your LDAP provides the following benefits:

  • Import all users and user groups into SysAid automatically to save time and prevent mistakes that could occur from duplicating your data.
  • Authenticate SysAid users through your LDAP. This means that your users have the same password for SysAid as they do for their computers, and all login attempts are recorded centrally in your LDAP.
  • When using Active Directory as your LDAP, enable Single sign on so that your users are automatically logged into SysAid the moment they log into their computers.
  • When using Active Directory as your LDAP, enable the Password Services module to reset LDAP passwords and unlock LDAP accounts using SysAid.

Note: To setup LDAP integration, your LDAP server (e.g. Domain Controller) must be accessible to SysAid through one of your region's relevant IP addresses and the relevant port (e.g. 389 or 636) or you can use a remote discovery service, installed locally in your network, to avoid opening any ports in your firewall.

If you are using an On Premise edition of SysAid, click here for relevant LDAP integration help.

Single Sign-On

By enabling Single Sign-On, users are automatically signed into SysAid when they sign into their computers. You can enable Single Sign-On after configuring LDAP integration if you are using Microsoft Active Directory. Please view our SSO Guide for instructions for configuring Single Sign-On.

 

Important changes once LDAP is enabled

 

  • For users imported from LDAP, you must make any password changes directly in your LDAP.
  • SysAid authenticates all login attempts against your LDAP. All records of these attempts are stored in your LDAP logs.
  • Any time you want to make changes to user details, it's recommended to make the changes in LDAP and then refresh your users in SysAid from your LDAP. You can do this from Settings > User Management > Administrators/End Users using the Refresh from LDAP button. Alternatively, you can schedule an LDAP refresh which pulls the information into SysAid automatically.
  • Any users that you delete in SysAid but not in your LDAP, are automatically recreated when you refresh from LDAP. To avoid the recreation of users you no longer need, disable these users in SysAid rather than deleting them.

 

LDAP integration and licensing

 

SysAid allows you to import all of your LDAP users into SysAid even if this puts you over your license limit for end users. However, if you do exceed your limit, SysAid automatically disables as many users as necessary to put you under your limit. These users are disabled at random. For this reason, it's generally preferable to only import as many users as you have licenses.

View your LDAP structure for manual LDAP integration

To verify that your LDAP attributes fit the integration, you can connect to your LDAP directory with any LDAP browser. We recommend the LDAP browser, which is available at http://www.sysaid.com/down/ldapbrowser.zip.

 

  1. Login to your LDAP with this tool by entering the LDAP hostname/IP and port.
  2. Click Fetch Dns.
  3. From the drop-down list, choose the appropriate Dns.
  4. Clear the Anonymous Bind check box.
  5. Enter your LDAP username and password. You may need to fill in the username in its defined name form.
  6. Connect to the LDAP.
  7. Verify that the OUs you are looking for are displayed.
  8. If the OUs are not there, go back to the DN selection and choose a different DN from the list. Repeat this process until you find the DN that shows the correct OUs.
  9. After you have successfully logged into your LDAP, manually copy the LDAP structure into the LDAP integration form.

Schedule

You may schedule an LDAP refresh to automatically import changes in LDAP into SysAid (e.g. new users). Enter a start time, and choose how often the refresh will repeat. The refresh runs at the time of day listed in the start time, so make sure you choose a time where all applicable servers are available and where there is minimum traffic to your SysAid server.

 

Complete LDAP integration

Check the Enable LDAP integration box at the top of the page, and click Save.

 

After completing the LDAP integration settings, go to Tools > User Management > End Users and click Refresh from LDAP.

Once the LDAP import is completed, refresh the list to verify that the users were successfully imported.

LDAP List

The LDAP list displays all of your LDAP integrations with their relevant fields.

 

 

For general instructions for using list pages in SysAid, see Using SysAid Lists.

Create a new LDAP integration

To create an LDAP integration, click .

Edit an LDAP integration

To view or edit an existing an LDAP integration, click its row in the list to open the LDAP Integration form.

Delete an LDAP integration

To delete LDAP integrations

  1. Select the check boxes corresponding to the LDAP integrations you want to delete.
  2. Click Delete.
  3. When prompted, click Delete.
SysAider
7
 
Hi Team,

after upgrading to Build Numberv17.3.54 b14, LDAP integration doesn't allow to add user credentials. i have tried chrome/FF/IE/Edge and the result is the same.

below are the screenshots

https://drive.google.com/file/d/0B5lt9zHbf07KYjY1ZXlMUGFpX2M/view?usp=sharing
https://drive.google.com/file/d/0B5lt9zHbf07KQXJGOU1YR1BhVzA/view?usp=sharing

Thanks
SysAid Community Manager Product Team
4490
 
Hi Shameem,

Please create relevant credentials (and domain if necessary) under Settings > Network Discovery first. I'll suggest an improvement to indicate where to look for these options in LDAP section.

Thanks,
Danny