applivery.com

Single Sign-On with LDAP authentication

Note

At this stage, you need to provide a name for the configuration and fill in the required fields.

Pay close attention when selecting "Android Device policy" in the corresponding DPC field.

Additionally, you can learn how to obtain the JSON for the "DPC extras" field here 

The Lightweight Directory Access Protocol (LDAP) is an open, vendor-neutral, industry standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network. Directory services play an important role in developing intranet and Internet applications by allowing the sharing of information about users, systems, networks, services, and applications throughout the network.

Applivery implements LDAP both over and not over SSL.

LDAP authentication workflow #

  1. The user goes to your App Store domain or subdomain.
  2. The user enters the username and password and clicks CONTINUE button
  3. If the user is logged in and has the appropriate permissions in Applivery, the user is allowed to access the App Store where will see only the authorized Apps.

Configuring your LDAP server #

Authorizing Applivery IP Address #

In case your LDAP configuration uses IP whitelisting, we need you to authorize our IP Address: 34.175.89.200

Configuring your LDAP integration #

Go to your Organization settings and scroll down until the Login providers section and click the Add login provider > LDAP.

Fill out the Connection fields that will allow connect Applivery with your LDAP
  • Server: Must contain the protocol (eg: ldap:// or ldaps://) and the port (eg: 389)
  • Bind DN: Credential you are using to authenticate against an LDAP
  • Bind password: Password used to connect to LDAP along with Bind DN
Once done, setup your Directory configuration:
  • Search base: Defines the starting point for the search in the directory tree.
  • Search filter: A field that identifies the username of the user
  • Email field: The field that contains the user email address

Managing user groups #

Thank to the Distribution Groups you can limit which users will have access to your Distribution Sites when they are defined as Private (read more about Private App Stores). In addition Applivery will capture the users groups from your LDAP directory from the ones defined as OU (Organization Units).User groups will be synced every time a user performs a login action and will be prefixed with ldap: (i.e.: ldap:group1, ldap:group2).This feature will allow you to differentiate between the groups defined in Applivery (that will not be prefixed) and the ones coming from your LDAP integration. Note that all user groups associated with the user will be overwritten on every new login so if you add or remove a new group to the user in your LDAP Directory, it will not be synced in Applivery until the user performs a new login in your App Store.
Updated on May 8, 2023
Was this article helpful?

On this page

— talk to an expert —

Schedule a demo