Customer-premises installations of the Cyara platform can be configured to use Active Directory authentication over LDAP or secure LDAP (LDAPS).
Please refer to the article below for how to use Active Directory to authenticate users.
Configuring for Active Directory
Active Directory can authenticate over both LDAP and LDAPS. LDAPS is a directory protocol similar to LDAP, but it incorporates SSL for greater security.
If the customer decides to move from LDAP to LDAPS, changes are needed in both the Cyara web portal config and the Cyara web identity config, because Cyara web identity is responsible for authenticating users at login and the Cyara web portal is responsible for adding new users.
For LDAPS, all settings are the same as for LDAP, except that SecureSocketsLayer is added to the Membership Provider Settings. Update the following key in both the Cyara web portal config and the Cyara web identity config:
<add key="MembershipProviderSettings.ADDomain[0].AuthenticationTypes" value=" SecureSocketsLayer, Secure " />
Also, use the FQDN of the AD server instead of its IP address. After configuring LDAPS, restart the IIS server using Internet Information Services (IIS) Manager.
Note:
- The LDAP connection string should use LDAP://, not LDAPS://
- The toggle between TLS and non-TLS is the connection type: SecureSocketsLayer = LDAP over TLS, Secure = LDAP over TCP
- The connection between the host and the LDAP server is established over TLS on port 636
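
The following PowerShell is an added example, not part of the original article or of Cyara's tooling. It checks that a config file carries SecureSocketsLayer in the AuthenticationTypes key and that the AD server completes a validated TLS handshake on port 636 under its FQDN. The function names, the config path and the server name in the usage comments are assumptions.

```powershell
# Added example. Function names and the values in the usage comments are assumptions.
function Test-LdapsAuthSetting {
    param([Parameter(Mandatory)][string]$ConfigPath)
    [xml]$cfg = Get-Content -LiteralPath $ConfigPath -Raw
    $pattern = '^MembershipProviderSettings\.ADDomain\[\d+\]\.AuthenticationTypes$'
    foreach ($node in $cfg.SelectNodes("//*[local-name()='add'][@key]")) {
        if ($node.GetAttribute('key') -notmatch $pattern) { continue }
        # The value is a comma-separated list; surrounding spaces are ignored here.
        $flags = $node.GetAttribute('value') -split ',' | ForEach-Object { $_.Trim() }
        [pscustomobject]@{
            File  = $ConfigPath
            Key   = $node.GetAttribute('key')
            Value = ($flags -join ', ')
            Ldaps = ($flags -contains 'SecureSocketsLayer')
        }
    }
}

function Test-LdapsEndpoint {
    param([Parameter(Mandatory)][string]$Fqdn, [int]$Port = 636)
    # DC certificates are typically issued to the DNS name, so reject a bare IP address.
    $ip = $null
    if ([System.Net.IPAddress]::TryParse($Fqdn, [ref]$ip)) {
        throw "Use the AD server's FQDN, not an IP address: $Fqdn"
    }
    $ssl = $null
    $tcp = [System.Net.Sockets.TcpClient]::new($Fqdn, $Port)
    try {
        # Default validation: the chain must be trusted and the certificate must match $Fqdn.
        $ssl = [System.Net.Security.SslStream]::new($tcp.GetStream(), $false)
        $ssl.AuthenticateAsClient($Fqdn)   # throws AuthenticationException on failure
        $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($ssl.RemoteCertificate)
        [pscustomobject]@{
            Server   = $Fqdn
            Port     = $Port
            Protocol = $ssl.SslProtocol
            Subject  = $cert.Subject
            NotAfter = $cert.NotAfter
        }
    }
    finally {
        if ($ssl) { $ssl.Dispose() }
        $tcp.Close()
    }
}

# Usage (placeholder values; run once per config file, portal and identity):
#   Test-LdapsAuthSetting -ConfigPath '<path to Cyara web portal config>'
#   Test-LdapsEndpoint -Fqdn 'dc01.corp.example'
```

Run the endpoint check from the Cyara web server before restarting IIS; a handshake failure there means the server certificate is untrusted or does not match the FQDN, and logins would fail after the switch.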