Introduction
This article explains how to sync with your corporate AD/LDAP to import users and groups for App distribution.
To use the LDAP or AD feature, you need the following:
- A corporate LDAP or Active Directory system in place.
- The server details and username/password access that App47 needs to run a synchronization.
- An SSO server of type AD or LDAP.
Once it is created, follow the steps below to manage your AD or LDAP server integration.
Directories
How to Set up LDAP Sync
- Navigate to the SSO tab under the App Store selection in the header banner.
- Click the edit icon for your desired server. If one does not exist, click Add SSO Server and select LDAP Server.
- Enter the required information, which includes:
  - Active checkbox - select this checkbox if you want to actively sync between your LDAP system and App47.
  - Server Name - enter the Name or IP address of the LDAP server.
  - Port - enter the Port number for the LDAP service.
  - Treebase - enter the base LDAP query string (cn=users,dc=abc,dc=com).
  - User Filter - enter the LDAP query string for finding a user (for example: cn=users).
  - User Identifier - enter the attribute name for the user, usually either 'cn' or 'uid'.
  - Group Filter - enter the LDAP query string for finding all groups (for example: cn=groups).
  - Group User Identifier - enter the attribute in a group that identifies the list of users associated with the group.
  - Username - enter the username for your LDAP server.
  - Password - enter the password that accompanies the username for your LDAP server.
  - Use SSL checkbox - select this checkbox if you want to use SSL to connect with your LDAP server.
  - Frequency - select the frequency (in hours) to sync the App47 account with your LDAP server.
  - Default App Store Invitation - enter a message that will be sent to all new users imported via LDAP.
- Click Save when finished entering all required fields.
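A pre-flight check for the values entered in the LDAP form above, as an added example (not App47 code): it flags a bind that would run without TLS, a port that contradicts the Use SSL checkbox, a malformed Treebase, and unbalanced filters. The dictionary keys, function names and sample values are constructed for illustration, and the port check assumes Use SSL means LDAPS on 636 rather than StartTLS on 389.

```python
import re

# One DN component: attribute type, "=", non-empty value (for example "cn=users").
RDN = re.compile(r"^[A-Za-z][A-Za-z0-9-]*=.+$")

def split_dn(dn):
    """Split a DN on commas that are not backslash-escaped."""
    return [part.strip() for part in re.split(r"(?<!\\),", dn)]

def lint_sync_settings(cfg):
    """Return findings for one LDAP server form; an empty list means clean."""
    findings = []
    if not cfg["use_ssl"]:
        findings.append("no-tls: bind password and directory data are sent unencrypted")
    # 389 and 636 are the registered LDAP and LDAPS ports; a mismatch usually
    # means the port and the Use SSL checkbox were set independently.
    if cfg["use_ssl"] and cfg["port"] == 389:
        findings.append("port-mismatch: Use SSL is selected but 389 is the plain LDAP port")
    if not cfg["use_ssl"] and cfg["port"] == 636:
        findings.append("port-mismatch: 636 is the LDAPS port but Use SSL is not selected")
    bad = [part for part in split_dn(cfg["treebase"]) if not RDN.match(part)]
    if bad:
        findings.append("treebase: malformed component(s) %s" % bad)
    for key in ("user_filter", "group_filter"):
        value = cfg[key]
        if "=" not in value or value.count("(") != value.count(")"):
            findings.append("%s: does not look like an LDAP filter: %r" % (key, value))
    return findings

# Constructed sample values, not taken from a real deployment.
WEAK = {
    "server": "ldap.example.internal", "port": 636, "use_ssl": False,
    "treebase": "cn=users,example,dc=com",
    "user_filter": "(objectClass=person", "group_filter": "cn=groups",
}
HARDENED = dict(WEAK, use_ssl=True, treebase="cn=users,dc=example,dc=com",
                user_filter="(objectClass=person)")

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, lint_sync_settings(cfg) or "no findings")
```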
How to Set up AD Sync
- Navigate to the SSO tab under the App Store selection in the header banner.
- Click the edit icon for your desired server. If one does not exist, click Add SSO Server and select AD Server.
- Enter the required information, which includes:
  - Active checkbox - select this checkbox if you want to actively sync between your AD system and App47.
  - Server Name - enter the Name or IP address of the LDAP server.
  - Port - enter the Port number for the LDAP service.
  - Treebase - enter the base AD query string (cn=users,dc=abc,dc=com).
  - Username - enter the username for your LDAP server.
  - Password - enter the password that accompanies the username for your LDAP server.
  - SSL checkbox - select this checkbox if you want to use SSL to connect with your LDAP server.
  - Frequency - select the frequency (in hours) to sync the App47 account with your AD server.
  - Default User Invitation Message - enter a message that will be sent to all new users imported via AD.
- Click Save when finished entering all required fields.
Managing Users and Groups
How to Import users
Users can be imported to the App47 system from your AD or LDAP server during the synchronization process. Once the first sync has completed, a list of groups from your server will appear in the "Groups" area. Click on "App Store", then "Groups" to see your AD or LDAP server. They will be listed on the left hand side.
Click on a group you would like to sync:
First, add any apps you would like these users to have access to; do this by clicking on the "Apps" tab and selecting one or more apps.
Check the "Auto approve device" boxes if you would like user devices to be automatically approved when they are registered. Otherwise leave them unchecked, and all new devices must be approved by an administrator.
Lastly, check "Synchronize" and then click "Save". This will cause a synchronization to occur with your AD/LDAP server. Users will be invited automatically to App47, and given a link to onboard their device. Subsequently they will use their AD/LDAP username and password to authenticate.
If a user is removed from all synchronized groups, they will be set as inactive in our system and no longer allowed to use any previously approved devices.
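The deactivation rule above, worked through as an added example (not App47 code) that compares two directory snapshots to show who would be invited and who would be set inactive for a given set of synchronized groups. It assumes group entries list members in a `member` attribute holding user DNs and that the User Identifier is `uid`; the function names and both snapshots are constructed for illustration.

```python
def rdn_value(dn, attr):
    """Return the value of `attr` if it names the leading RDN of `dn`, else None."""
    name, _, value = dn.split(",", 1)[0].partition("=")
    return value if name.strip().lower() == attr.lower() else None

def parse_groups(dump, group_user_identifier, user_identifier):
    """Map group name -> set of usernames from a minimal LDIF-style dump."""
    groups, members = {}, None
    for line in dump.splitlines():
        key, _, value = line.partition(": ")
        if key == "dn":
            members = groups.setdefault(rdn_value(value, "cn") or value, set())
        elif key == group_user_identifier and members is not None:
            # Members may be full DNs (member) or bare names (memberUid).
            members.add(rdn_value(value, user_identifier) or value)
    return groups

def sync_effect(before, after, synchronized):
    """Diff the users reachable through groups marked Synchronize."""
    def reachable(groups):
        return set().union(*(groups.get(g, set()) for g in synchronized))
    old, new = reachable(before), reachable(after)
    return {"invited": sorted(new - old), "set_inactive": sorted(old - new)}

# Constructed directory snapshots (base DN shortened to dc=example).
BEFORE = """\
dn: cn=sales,ou=groups,dc=example
member: uid=alice,ou=people,dc=example
member: uid=bob,ou=people,dc=example

dn: cn=field,ou=groups,dc=example
member: uid=bob,ou=people,dc=example
member: uid=carol,ou=people,dc=example
"""
AFTER = """\
dn: cn=sales,ou=groups,dc=example
member: uid=erin,ou=people,dc=example

dn: cn=field,ou=groups,dc=example
member: uid=bob,ou=people,dc=example
member: uid=carol,ou=people,dc=example
"""

if __name__ == "__main__":
    before, after = (parse_groups(d, "member", "uid") for d in (BEFORE, AFTER))
    print(sync_effect(before, after, synchronized={"sales", "field"}))
```

In the sample, bob leaves "sales" but stays active through "field"; with only "sales" synchronized he would be set inactive as well.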
How to Allow Users to Self Register
As an alternative to importing all users, you can allow users to register when they need the App Store on their device, but still use their AD/LDAP username and password. Use the steps below to complete this setup.
NOTE: You can read more about user self registration in this article.
- Create a new local group; for this example we will use "Sales".
- Add one or more apps to this group.
- Select the Self registration enabled checkbox.
- Select the SSO server that you previously created for this purpose.
- Set the session length. This will determine how often the user is challenged for their password in the App Store.
- Choose to Auto-approve devices for self registered users or not. If selected, devices will automatically be approved. Otherwise an administrator will need to approve them before they can be used by the user.
- Click on the Save button.
You can now distribute the given link on your internal portal or by email so that your users can sign up and register when they need app(s) from the App Store.