LDAP Users
最終更新日:2024-01-02 11:44:21
1. Usage Scenario
If your enterprise already has an account system like Microsoft AD, openLDAP or GoogleLDAP, you can directly connect the LDAP server to the ESA platform to reduce the workload of creating users.
2. Operation Steps
Go to ID Authentication–>Id Provider, click Add IdP–>LDAP to configure the connection.
![[Feature Upgrade] Advanced Access Control](https://www.wangsu.com/wos/draft/help_doc/ko_kr/24246/27333/1684735886987_image.png)
1)Fill in the following information as prompted:
-
LDAP proxy : If your LDAP server is in Intranet, you should choose one of an ESA connector as reverse proxy.
-
Server information : fill in your server information so that we can connect to sync contact info.
-
Advanced settings : config advanced settings if any
-
Synchronization configuration :
| Parameter Name | Description |
|---|---|
| Sync Status | Configures whether to sync user account from LDAP when setup is done |
| Import Organization | Choose to only import user accounts or sync user organization and user account |
| Duplicate Users | During synchronization, if there are accounts that already exist on ESA, should the platform keep the existing user information or use user account in LDAP to overwrite |
| Change User Group | If there is user permission info included in LDAP, should the platform keep the user permission or delete when synchronize. |
| Enable Account | Configures whether to enable the account when synchronize from LDAP or manually enable them later. |
| Default Bandwidth | Configures the default bandwidth for each account. Or you can batch assign here and manually adjust the bandwidth for specific user in user details. |
| Update Mobile When Sync | Update user mobile phone when synchronize from LDAP |
| Update Email When Sync | Update user Email address when synchronize from LDAP |
| Two-factor Authentication | Choose the TFA methods for user. If you don't need TFA, please disable Request TFA When Login |
| Request TFA When Login | Choose whether to request users to do TFA when login to ESA each time. Once enabled, users will be request to perform SMS authentication or TOTP authentication when login |
| Auto Synchronization | Choose whether to perform auto synchronization from LDAP periodically |
2)After confirming that the information is filled in correctly, click Save to complete the configuration.
3)Click Communication Detection to test if the connection to LDAP server is working.
4)Click Save and Synchronize to save service configuration, then a synchronization dialog box will pop up to ask whether you choose to import all users or some users.
So far, the process of importing users from LDAP server has been finished. To further manage LDAP accounts, you can do:
-
Click Disable ,all the LDAP accounts will not be able to log in to the ESA client to access the applications. But the information and permission information remains.
-
Click Delete , all LDAP user accounts will be deleted. User information and permission information will also be cleared.