
Single Sign-On with LDAP authentication

Note

Note that this is a premium feature that might not be available in your current plan.

Check the availability on our pricing page.

The Lightweight Directory Access Protocol (LDAP) is an open, vendor-neutral, industry standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network. Directory services play an important role in developing intranet and Internet applications by allowing the sharing of information about users, systems, networks, services, and applications throughout the network.

Applivery supports LDAP both with SSL (ldaps://) and without SSL (ldap://).

LDAP authentication workflow

  1. The user goes to your App Store domain or subdomain.
  2. The user enters the username and password and clicks the CONTINUE button.
  3. If the user is logged in and has the appropriate permissions in Applivery, the user is allowed to access the App Store, where they will see only the authorized Apps.

Configuring your LDAP server

Authorizing Applivery IP Address

If your LDAP configuration uses IP whitelisting, you need to authorize our IP address: 159.65.210.233

Configuring your LDAP integration

Go to your Organization settings, scroll down to the Login providers section and click Add login provider > LDAP.

Fill out the Connection fields that allow Applivery to connect to your LDAP server:

  • Server: Must contain the protocol (e.g. ldap:// or ldaps://) and the port (e.g. 389)
  • Bind DN: Credential used to authenticate against the LDAP server
  • Bind password: Password used to connect to LDAP along with the Bind DN

Once done, set up your Directory configuration:

  • Search base: Defines the starting point for the search in the directory tree.
  • Search filter: A field that identifies the username of the user
  • Email field: The field that contains the user email address

Managing user groups

Thanks to Distribution Groups, you can limit which users have access to your Distribution Sites when they are defined as Private (read more about Private App Stores). In addition, Applivery will capture the user's groups from your LDAP directory, taking them from the ones defined as OU (Organizational Units).

User groups will be synced every time a user performs a login action and will be prefixed with ldap: (e.g. ldap:group1, ldap:group2).

This feature allows you to differentiate between the groups defined in Applivery (which are not prefixed) and the ones coming from your LDAP integration. Note that all user groups associated with the user will be overwritten on every new login. If you add or remove a group for the user in your LDAP directory, the change will not be synced in Applivery until the user performs a new login in your App Store.
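
The following pre-flight check is an added example, not Applivery code: it validates a Server value against the rules above and lists ldap: groups left over from a user's last login that the directory no longer grants, which is the gap to review when someone is removed from an OU. It assumes groups correspond to the OU components of the user's DN (the page only says groups come from OUs); the function names and sample values are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

DEFAULT_PORT = {"ldap": 389, "ldaps": 636}  # standard LDAP / LDAPS ports

def check_server(value):
    """Findings for the Server field; an empty list means nothing to fix."""
    url = urlsplit(value)
    if url.scheme not in DEFAULT_PORT:
        return ["error: Server must start with ldap:// or ldaps://"]
    findings = [] if url.hostname else ["error: no host name"]
    try:
        port = url.port
    except ValueError:
        return findings + ["error: port is not a valid number"]
    if port is None:
        findings.append("error: Server must include the port")
    elif port != DEFAULT_PORT[url.scheme]:
        findings.append(f"warn: port {port} is unusual for {url.scheme}://")
    if url.scheme == "ldap":
        findings.append("warn: ldap:// is LDAP without SSL; prefer ldaps://")
    return findings

def _unescape(value):
    # RFC 4514 escapes: backslash + hex pair, or backslash + special character
    # (hex pairs are decoded one byte at a time, enough for ASCII values)
    return re.sub(r"\\([0-9a-fA-F]{2}|.)",
                  lambda m: chr(int(m[1], 16)) if len(m[1]) == 2 else m[1], value)

def ou_groups(user_dn):
    """ASSUMPTION: groups are the OU components of the user's DN, prefixed ldap:."""
    groups = []
    for rdn in re.findall(r"(?:\\.|[^,\\])+", user_dn):  # split on unescaped commas
        attr, _, val = rdn.strip().partition("=")
        if attr.strip().lower() == "ou":
            groups.append("ldap:" + _unescape(val.strip()))
    return groups

def stale_groups(stored, user_dn):
    """ldap: groups kept from the last login that the directory no longer grants."""
    return sorted({g for g in stored if g.startswith("ldap:")} - set(ou_groups(user_dn)))

if __name__ == "__main__":
    # Constructed sample values, not taken from a real directory
    print(check_server("ldap://ldap.example.com:389"))
    dn = r"uid=jdoe,ou=QA\, Mobile,ou=Staff,dc=example,dc=com"
    print(ou_groups(dn))
    print(stale_groups(["ldap:Staff", "ldap:Beta", "internal"], dn))
```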
