Configure Active Directory / LDAP
By setting up Active Directory or LDAP as the primary authentication service for Bitium, you can extend your primary identity to all your cloud apps. You can also add a directory to sync users and groups with Bitium, or perform a Directory sync and enable primary authentication at the same time. Employees will log into Bitium using their Active Directory or LDAP username and password.
Active Directory Integration is available to Business Plus and Unlimited plan users. To learn more, please visit our Plans page or contact firstname.lastname@example.org.
Setting up an Active Directory connector with Bitium is simple. While logged into Bitium as an admin for your org:
- Open the “Manage [ORG]” menu and select Directories.
- On the Directory setup screen, select “Active Directory” or “LDAP”.
To Connect via the On-Premise Agent
To Connect over the Web
1. Select “Get Started”.
2. On the Active Directory / LDAP “Step 1: Services” page select “Authentication”, “Directory Sync” or both. Click “Next”.
3. On the “Step 2: Connect” page supply the required information about your Active Directory / LDAP server and an AD / LDAP account that has permission to browse groups and accounts. Click “Continue”.
Important – The account used for setting up the Active Directory / LDAP connector must have permission to browse the list of users and groups.
JumpCloud is a Bitium partner that provides Directory-as-a-Service solutions. By enabling JumpCloud as the primary identity authentication service for Bitium, you can extend your primary identity to all your cloud apps. Employees accessing their Bitium dashboard will be authenticated against their JumpCloud credentials.
Note: On step 2 of the setup process for Connect over Web, your Base DN should be in the following format: “ou=Users,o=xxxxxxxxxxxxxxx,dc=jumpcloud,dc=com”.
4. The next page confirms that you are successfully connected to Active Directory / LDAP. Click “Next”. If you did not enable “Directory Sync”, skip steps 5-7.
5. On the “Step 4: Users” page, use the visual tree to select the Organizational Unit Users you want to sync with. Once selected, click “Preview” to view these users. To edit Attribute Settings, click the link in the right corner of the Visual Tree Preview. ‘Username’ is now an available mapping field in the LDAP flow.
6. Click “Next”, and use the next visual tree to select the Organizational Unit Groups you want to sync with. Once selected, click “Preview” again to verify these groups. Click “Next”.
7. On the “Step 4: Settings” page configure your directory with the following options: Primary Directory, Remove Apps when User Leaves Group, and Reactivate Users. Click “Continue”. If you selected only “Directory Sync” in step 2, the AD / LDAP directory sync setup is now complete.
8. On the “Step 5: Primary Auth” page enter your Active Directory / LDAP credentials to activate Primary authentication.
9. Once you select “Sign in & Active”, Bitium will confirm the supplied information. Once confirmed, your users may log into Bitium using their AD / LDAP credentials.
Bitium accesses your AD / LDAP server directly in real time. All access is done over SSL and originates from a single IP address, allowing you to create very specific firewall rules. We also encourage you to set up a read-only domain controller (RODC) as a replica in a DMZ network.
The system can be set up using Bitium’s own authentication initially, access permissions can be configured, and primary authentication can be turned on afterwards. As long as the user email addresses match, the changeover is seamless. The advantage of this approach is that user onboarding and the technical configuration can run in parallel.
Originating IP Address: 126.96.36.199 (gw01.bitium.com)
Recommended port and protocol: LDAPS (port 636 - see http://technet.microsoft.com/en-us/library/dd772723(v=ws.10).aspx)
Bitium can support non-standard ports as well; use server.domain:port notation when supplying the Server information to specify a different port.
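A pre-flight check for the Connect step and the firewall notes above, written here as an added example (not Bitium's own tooling): it parses the server.domain:port notation, verifies the LDAPS certificate chain, confirms the connector account can actually browse users and groups under the Base DN, and prints a host firewall rule admitting only the originating address. It assumes OpenLDAP's ldapsearch and openssl are installed, uses iptables syntax and AD object classes, and the script name preflight.sh is hypothetical.

```sh
#!/bin/sh
# Pre-flight check for the "Step 2: Connect" form (added example, not Bitium's tooling).
# Assumes OpenLDAP client tools (ldapsearch) and openssl on the host running it.
set -eu

BITIUM_IP=126.96.36.199   # originating address given on this page (gw01.bitium.com)

# Split the "server.domain:port" notation from the Connect form into host and port;
# a bare hostname defaults to the recommended LDAPS port 636.
parse_server() {
  case $1 in
    *:*) host=${1%%:*}; port=${1##*:} ;;
    *)   host=$1; port=636 ;;
  esac
  case $port in
    ''|*[!0-9]*) echo "bad port in '$1'" >&2; return 1 ;;
  esac
  printf '%s %s\n' "$host" "$port"
}

# Host firewall rule admitting LDAPS only from Bitium's single originating address
# (iptables syntax is an assumption; translate to your firewall's own).
ldaps_allow_rule() {
  printf 'iptables -A INPUT -p tcp -s %s --dport %s -j ACCEPT\n' "$BITIUM_IP" "${1:-636}"
}

# Does the LDAPS endpoint present a certificate that chains to a trusted CA?
check_tls() {
  openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null |
    grep -q 'Verify return code: 0 (ok)'
}

# How many entries the connector account can see for a filter under the Base DN
# (0 also when the bind fails; ldapsearch reports the error on stderr).
count_entries() {  # args: url bind_dn password_file base_dn filter
  ldapsearch -x -H "$1" -D "$2" -y "$3" -b "$4" -s sub -LLL "$5" dn | grep -c '^dn:' || true
}

# Usage: sh preflight.sh SERVER[:PORT] BIND_DN PASSWORD_FILE BASE_DN
if [ "$#" -eq 4 ]; then
  set -- $(parse_server "$1") "$2" "$3" "$4"   # now: host port bind_dn password_file base_dn
  check_tls "$1" "$2" || { echo "TLS verification failed for $1:$2" >&2; exit 1; }
  # AD object classes; a generic LDAP directory may need inetOrgPerson / groupOfNames instead.
  users=$(count_entries "ldaps://$1:$2" "$3" "$4" "$5" '(objectClass=user)')
  groups=$(count_entries "ldaps://$1:$2" "$3" "$4" "$5" '(objectClass=group)')
  echo "users visible: $users, groups visible: $groups"
  [ "$users" -gt 0 ] && [ "$groups" -gt 0 ] || { echo "account cannot browse users and groups" >&2; exit 1; }
  echo "Firewall rule to admit only Bitium:"; ldaps_allow_rule "$2"
fi
```

Run it from inside the network segment that hosts the directory (or the RODC in the DMZ) before submitting the Connect form, so a permission or certificate problem surfaces before Bitium's first bind attempt.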