How to setup LDAP login provider for Identify


 On AD server, install the LDAP-WS configurator.

  • Create the LDAP-WS where its general info looks like this:


  • On its IIS setup, update its information like below:


  • On its certificate setup, choose the two certificates:
    • The certificate: “LDAP-WS server certificate” for the server certificate section
    • The certificate: “LDAP-WS client certificate” for the client certificate section


  • After the LDAP-WS is created successfully, go to Identify*Admin, access System Setup/LDAP Web services:


  • Then create the LDAP Web service whose name is “ldapwstest”  and points to: “http://ldapwstest.safewhere.local/LdapCredentialsService.svc” like below:


  • After clicking the Save button, you can check if the connection with the LDAP Web service is corrected or not by using the Test button.

Claim Transformation for LDAP Authentication

To convert the AD attributes from the AD server to Identify, create the LDAP transformation named “LDAP Claim Transformation” like this:


  • For the LDAP-WS service name, choose: “ldapwstest”
  • For the LDAP filter, map the SAM-Account-Name to the Name claim type.
  • For the claim mapping, map the AD attributes to the Identify claim types.

LDAP Authentication setup

  • Access the Identify*Admin, go to the connection list, and create the LDAP authentication like this:


  • For the Claim Transformation, attach the claim transformation: LDAP transformation
  • For the Identity's LDAP attribute, choose “SAM-Account-Name”.
  • For the LdapWS service name, choose: “ldapwstest”

To get off the LDAP-WS setup, we can use the direct AD. See the instruction here.