On the AD server, install the LDAP-WS configurator.
- Create the LDAP-WS with its general information set like this:
- In its IIS setup, update the information as shown below:
- In its certificate setup, choose the two certificates:
- After the LDAP-WS is created successfully, go to Identify*Admin and open System Setup/LDAP Web services:
- Then create the LDAP Web service whose name is “ldapwstest” and which points to “http://ldapwstest.safewhere.local/LdapCredentialsService.svc”, as shown below:
- After clicking the Save button, you can check whether the connection to the LDAP Web service is correct by using the Test button.
Claim Transformation for LDAP Authentication
To convert the AD attributes from the AD server to Identify, create the LDAP transformation named “LDAP Claim Transformation” like this:
- For the LDAP-WS service name, choose: “ldapwstest”
- For the LDAP filter, map the SAM-Account-Name to the Name claim type.
- For the claim mapping, map the AD attributes to the Identify claim types.
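What the LDAP filter and claim mapping above amount to, as an added conceptual sketch (not Safewhere code and not part of the original page): the Name claim value is escaped per RFC 4515 before it is placed in a sAMAccountName filter, and only explicitly mapped AD attributes become claims. The claim-type URIs, the attributes other than sAMAccountName, and the sample entry are assumptions.

```python
# Conceptual sketch only; Identify*Admin performs these steps from its own UI settings.

# RFC 4515 section 3: characters that must be escaped inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
NAME_CLAIM = CLAIMS + "name"

# AD attribute (LDAP display name) -> claim type. Assumed mapping for illustration.
CLAIM_MAPPING = {
    "sAMAccountName": NAME_CLAIM,
    "mail": CLAIMS + "emailaddress",
    "givenName": CLAIMS + "givenname",
    "sn": CLAIMS + "surname",
}


def escape_filter_value(value: str) -> str:
    """Escape a user-supplied value so it cannot alter the filter structure."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_filter(claims: dict) -> str:
    """Build the lookup filter: SAM-Account-Name must equal the Name claim."""
    return "(sAMAccountName=%s)" % escape_filter_value(claims[NAME_CLAIM])


def transform(entry: dict) -> list:
    """Turn an AD entry into (claim type, value) pairs.

    Attributes without a mapping are dropped, so directory data that was
    never meant for relying parties does not end up in the token.
    """
    out = []
    for attribute, claim_type in CLAIM_MAPPING.items():
        for value in entry.get(attribute, []):  # AD attributes may be multi-valued
            out.append((claim_type, value))
    return out


# Constructed sample entry, as a directory lookup might return it.
SAMPLE_ENTRY = {
    "sAMAccountName": ["jdoe"],
    "mail": ["jdoe@example.test"],
    "givenName": ["Jane"],
    "sn": ["Doe"],
    "userAccountControl": ["512"],  # unmapped, must not become a claim
}

if __name__ == "__main__":
    print(build_filter({NAME_CLAIM: "jdoe"}))
    for claim in transform(SAMPLE_ENTRY):
        print(claim)
```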
LDAP Authentication setup
- In Identify*Admin, go to the connection list and create the LDAP authentication like this:
- For the Claim Transformation, attach the claim transformation: LDAP transformation
- For the Identity's LDAP attribute, choose “SAM-Account-Name”.
- For the LdapWS service name, choose: “ldapwstest”