Configure LDAP as Primary Authentication
By setting up LDAP as the primary authentication service for Bitium, you can extend your primary identity to all your cloud apps. Employees will log into Bitium using their LDAP username and password.
LDAP Integration is available to Business Plus and Unlimited plan users. To learn more, please visit our Plans page or contact email@example.com.
Setting up an LDAP connector with Bitium is simple. While logged into Bitium as an admin for your org:
- Open the Manage menu, and select “Security.”
- On the Security Settings screen, select “Primary Authentication.”
- On the Primary Authentication screen, click the “Add New Form of Authentication” button. On the “New Primary Authentication” screen, select “LDAP” from the drop-down menu.
- Then, supply the required information about your LDAP server with an account that has permission to browse groups and accounts.
- Click “Save”, and Bitium will confirm the supplied information. Once confirmed, your users may log into Bitium using their LDAP credentials.
Bitium accesses your LDAP server directly in real-time. All access is done over SSL and originates from a single IP address allowing you to create very specific firewall rules. We also encourage you to setup a read-only replica (RODC) in a DMZ network.
The system can be setup using Bitium’s authentication initially, access permissions can be configured, and then primary authentication can be turned on afterwards. So long as the user email addresses match, the changeover is seamless. The advantage of this approach is that user onboarding and the technical configuration can be run in parallel.
Originating IP Address: 22.214.171.124 (gw02.bitium.com)
Recommended port and protocol: LDAPS (port 636 - see http://technet.microsoft.com/en-us/library/dd772723(v=ws.10).aspx)
Bitium can support non-standard ports as well; use server.domain:port notation when supplying the Server information to specify a different port.
Important – The account used for setting up the LDAP connector must have permission to browse the list of users and groups.