Using LDAP (Active Directory) for authentication
BMC Atrium Single Sign-On supports external Lightweight Directory Access Protocol (LDAP) servers as an authentication source. LDAP is an open, vendor-neutral, industry-standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network.
A common use of LDAP is single sign-on: a user's credentials are verified against one central directory rather than stored separately in each application, so staff authenticate once (for example, when logging in to a company computer) and are then admitted to the company intranet and other directory-backed services without logging in again.
LDAP support also includes authenticating against external Microsoft Active Directory (AD) servers, which expose an LDAP interface. Active Directory authentication must be configured to match your enterprise environment.
Workflow
- The user accesses the protected application from a mobile device or through a web browser.
- The Web Agent redirects the user to the BMC Atrium Single Sign-On console.
- BMC Atrium Single Sign-On presents a login page to the user.
- The user enters their credentials.
- BMC Atrium Single Sign-On verifies the user's credentials against the LDAP (AD) server.
- The LDAP server authenticates the user and returns the result.
- BMC Atrium Single Sign-On grants the user access.
- The user accesses the application.
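The credential check in the two middle steps above is, on the SSO server side, a search-then-bind LDAP login: bind with a service account, look up the user's distinguished name by login name, then bind again as that DN with the password the user typed. The Python below is an added example written for this page, not BMC Atrium Single Sign-On's own code. It runs against a constructed in-memory stand-in for an Active Directory domain controller (all DNs, account names and passwords are made up), escapes the login name before placing it in the search filter so that a value like `*)(objectClass=*` cannot rewrite the query, and refuses to forward an empty password, because AD treats a simple bind with a DN and an empty password as an unauthenticated bind and reports success.

```python
"""Search-then-bind LDAP (Active Directory) authentication as an SSO
front end performs it. Added example, not BMC Atrium Single Sign-On code.
A real deployment connects over ldaps:// with the directory's CA
certificate trusted by the SSO server; the stand-in below is offline."""
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# RFC 4515 escaping for values embedded in an LDAP search filter.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a user-supplied value before interpolating it into a filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


@dataclass
class AuthResult:
    ok: bool
    reason: str
    user_dn: Optional[str] = None


class ConstructedAdDirectory:
    """In-memory stand-in for an AD domain controller (constructed data).
    It reproduces the one AD behaviour that matters here: a simple bind with
    a DN and an EMPTY password is an unauthenticated bind and succeeds
    (RFC 4513 section 5.1.2), so forwarding an empty password blindly would
    'authenticate' anyone whose DN can be found."""

    def __init__(self, users: Dict[str, Tuple[str, str]]):
        self._users = users  # dn -> (sAMAccountName, password)

    def bind(self, dn: str, password: str) -> bool:
        if password == "":
            return True  # unauthenticated bind: AD answers success
        entry = self._users.get(dn)
        return entry is not None and entry[1] == password

    def search(self, base_dn: str, ldap_filter: str) -> Optional[str]:
        # Understands only the exact filter shape authenticate() emits.
        prefix, suffix = "(&(objectClass=user)(sAMAccountName=", "))"
        if not (ldap_filter.startswith(prefix) and ldap_filter.endswith(suffix)):
            return None
        wanted = ldap_filter[len(prefix):-len(suffix)]
        for dn, (sam, _) in self._users.items():
            if dn.endswith(base_dn) and escape_filter_value(sam) == wanted:
                return dn
        return None


def authenticate(directory, base_dn: str, service_dn: str, service_pw: str,
                 username: str, password: str,
                 reject_empty_password: bool = True) -> AuthResult:
    """1) bind as the service account, 2) find the user's DN by sAMAccountName,
    3) re-bind as that DN with the user's password. reject_empty_password is
    True in any real deployment; set it False only to observe the bypass."""
    if reject_empty_password and not password:
        return AuthResult(False, "empty password rejected before bind")
    if not directory.bind(service_dn, service_pw):
        return AuthResult(False, "service account bind failed")
    ldap_filter = (
        f"(&(objectClass=user)(sAMAccountName={escape_filter_value(username)}))"
    )
    user_dn = directory.search(base_dn, ldap_filter)
    if user_dn is None:
        return AuthResult(False, "user not found")
    if not directory.bind(user_dn, password):
        return AuthResult(False, "invalid credentials", user_dn)
    return AuthResult(True, "authenticated", user_dn)


# Constructed sample directory (hypothetical names and passwords).
BASE_DN = "DC=example,DC=com"
SERVICE_DN = "CN=svc-sso,OU=Service Accounts,DC=example,DC=com"
SERVICE_PW = "s3rv1ce-pw"
DIRECTORY = ConstructedAdDirectory({
    "CN=Jane Doe,OU=Staff,DC=example,DC=com": ("jdoe", "Winter2024!"),
    SERVICE_DN: ("svc-sso", SERVICE_PW),
})

if __name__ == "__main__":
    for user, pw in [("jdoe", "Winter2024!"), ("jdoe", "wrong"), ("jdoe", ""),
                     ("*)(objectClass=*", "x")]:
        print(repr(user), repr(pw), "->",
              authenticate(DIRECTORY, BASE_DN, SERVICE_DN, SERVICE_PW, user, pw))
```

The service account used for the lookup should be a plain, low-privilege directory reader, since its password sits in the SSO server's configuration; the user's own bind is the only step that proves the password.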
Before you begin
If you plan to enable SSL access, import the certificates and restart the Tomcat server before setting up LDAP (AD) authentication. For more information, see Managing-certificates-in-BMC-Atrium-Single-Sign-On.
To set up LDAP (AD) for authentication
Perform the following tasks to configure LDAP with Active Directory.
Where to go from here
- In Administering, see managing users, user groups, and authentication modules.