Single Sign On with LDAP Authentication
The Lightweight Directory Access Protocol (LDAP) is an open, vendor-neutral, industry standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network. Directory services play an important role in developing intranet and Internet applications by allowing the sharing of information about users, systems, networks, services, and applications throughout the network.
Applivery supports LDAP both with and without SSL.
LDAP authentication workflow
- The user goes to your App Store domain or subdomain
- The user enters the username and password and clicks the CONTINUE button
- If the user is logged in and has the appropriate permissions in Applivery, the user is allowed to access the App Store, where they will see only the authorized Apps.
Configuring your LDAP integration
Step 1 - Authorizing Applivery IP Address
In case your LDAP configuration uses IP whitelisting, we need you to authorize our IP Address:
Step 2 - Configuring your LDAP integration
Go to your Organization settings, scroll down to the Login providers section and click Add login provider > LDAP.
Fill out the Connection fields that allow Applivery to connect to your LDAP server:
- Server: Must contain the protocol (e.g. ldap:// or ldaps://) and the port (e.g. 389)
- Bind DN: The credential used to authenticate against the LDAP server
- Bind password: The password used to connect to LDAP along with the Bind DN
Once done, set up your Directory configuration:
- Search base: Defines the starting point for the search in the directory tree.
- Search filter: The field that identifies the user's username
- Email field: The field that contains the user's email address
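A pre-flight check for the Server and Search base values before you save them, as an added example that is not Applivery code. The host dir.example.com, the function names and the root-level search base heuristic are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Conventional ports: 389 for ldap://, 636 for ldaps://.
DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}

def check_server(server):
    """Return (severity, message) findings for the Server field."""
    url = urlsplit(server.strip())
    scheme = url.scheme.lower()
    if scheme not in DEFAULT_PORTS or not url.hostname:
        return [("error", "Server must look like ldap://host:port or ldaps://host:port")]
    try:
        port = url.port
    except ValueError:  # non-numeric or out-of-range port
        port = None
    if port is None:
        return [("error", "Server must include a valid port, e.g. :389 or :636")]
    findings = []
    if scheme == "ldap":
        findings.append(("warning", "ldap:// has no SSL: bind credentials "
                         "cross the network unencrypted"))
    other = "ldaps" if scheme == "ldap" else "ldap"
    if port == DEFAULT_PORTS[other]:
        findings.append(("warning", f"port {port} is the conventional {other}:// port"))
    return findings

def check_search_base(search_base):
    """Flag a malformed DN or one that starts at the directory root."""
    # Split on commas that are not backslash-escaped inside a value.
    rdns = [r.strip() for r in re.split(r"(?<!\\),", search_base) if r.strip()]
    if not rdns or any("=" not in r for r in rdns):
        return [("error", "Search base must be a DN such as ou=people,dc=example,dc=com")]
    types = [r.split("=", 1)[0].strip().lower() for r in rdns]
    if all(t == "dc" for t in types):  # heuristic (assumption): DC-only means root
        return [("info", "Search base is the directory root; "
                 "users are looked up across the whole tree")]
    return []

if __name__ == "__main__":
    # Constructed sample values, not taken from a real directory.
    for value in ("ldap://dir.example.com:389", "ldaps://dir.example.com:636"):
        print(value, check_server(value))
    print(check_search_base("dc=example,dc=com"))
```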
Managing user groups
As described here, you can limit which users will have access to your Distribution Sites when they are defined as Private (read more about Private App Stores here). In addition, Applivery will capture the user's groups from your LDAP directory, taking them from the ones defined as OU (Organization Units).
User groups will be synced every time a user performs a login action and will be prefixed with
This feature allows you to differentiate between the groups defined in Applivery (which will not be prefixed) and the ones coming from your LDAP integration. Note that all user groups associated with the user will be overwritten on every new login, so if you add or remove a group for the user in your LDAP Directory, the change will not be synced in Applivery until the user performs a new login in your App Store.