Map LDAP Groups With Proficy Authentication

About this task

If you want LDAP users to use Proficy Authentication, you must map the corresponding LDAP groups with the Proficy Authentication group created during the Proficy product installation.

Procedure

  1. Double-click on your desktop.
    The icon appears on your desktop after you install Proficy Authentication.
  2. Select the Identity Providers tab.
    The Proficy Authentication/LDAP/SAML Connectivity Tool appears.
  3. Select the Map Existing LDAP Groups check box.
  4. In the UAA Connection section, provide values as specified in the following table.
    Important: The values that you provide in this step must match the values that you provided while installing your Proficy product. These values are required to connect to the Proficy Authentication. Proficy Authentication works only with a single instance of Proficy Authentication, which is specified during Proficy Authentication installation. After installation, you cannot change the instance of Proficy Authentication that Proficy Authentication will use.
    FieldDescription
    URLThis information is read-only. The authorization server URL of the Proficy Authentication server is populated by default. This is the UAA Base URL that you specified during installation.
    Client IDEnter the client ID of the Proficy Authentication server that you specified for Admin Client ID during installation.
    Client SecretEnter the client secret configured for the OAuth client that you specified for Admin Client Secret during installation.
  5. Select Test.
    If connection to the Proficy Authentication server is established, a message appears, confirming the same.
    Note: Currently, the Test Button displays a successful connection for LDAP even when no security certificate or a bad certificate is found.
  6. In the LDAP Connection section, provide values as specified in the following table.
    FieldDescription
    URLEnter the base URL of the LDAP server (for example, https://localhost).
    Bind User DNEnter the distinguished name of the bind user (for example, cn=admin,ou=Users,dc=test,dc=com).
    PasswordEnter the password for the LDAP user ID that searches the LDAP tree for user information.
    Skip SSL Verification

    Select this check box if you do not have the certificate to access the LDAP server. Messages are still encrypted, but the certificate is not verified for correctness. Do not select this option if you are not confident of the direct connection to the LDAP server; it could result in redirected traffic outside of your controlled network.
    User Search Filter
    • cn={0}: Allows the LDAP user (active directory user) to login with their display name.
    • sAMAccountName={0}: Allows the LDAP user (active directory user) to login with their account name (Windows login name).
    User Search BaseEnter the starting point for the LDAP user search in the directory tree (for example, dc=developers,dc=com).

    If you use only DC=pa,DC=com, timeout may occur due to slow system response. Use the exact OU to avoid timeout.

    Group Search BaseEnter the starting point for the LDAP group search in the directory tree (for example, ou=scopes,dc=developers,dc=com).

    If you use only DC=Ge,DC=com, timeout may occur due to slow system response. Use the exact OU to avoid timeout.

    Max Group Search Depth Enter a value to define the maximum depth for searching LDAP groups. (This may impact performance for very large systems.) By default this value is 10.
    Group Search Filter Enter the subdirectories to include in the search (for example, member={0} retrieves the memberOf attribute values for the specific user).
  7. Select Test, and then select Submit.
    If connection to the LDAP server is established, a message appears, confirming the same.
  8. Select Test again, and then select Continue.
    In the LDAP Mapping section, the drop-down list box contains a list of groups in Proficy Authentication.
  9. In the drop-down list box, select the Proficy Authentication group to which you want to map LDAP groups. You can also search for a group in the LDAP Groups Search Filter box. When searching, be sure to use the standard LDAP query language for your search.
    Note: If a group is already mapped to the Proficy Authentication group that you have selected, the check box is already selected.
  10. Select Map Groups.
    A message appears, confirming that the LDAP groups are mapped to the Proficy Authentication group.
  11. Repeat steps 8-10 for all the Proficy Authentication groups that you want to map.

Results

The LDAP groups are mapped with the Proficy Authentication groups.