EZO also integrates with your LDAP (Lightweight Directory Access Protocol) or Active Directory servers. Users in your organization can use their LDAP credentials to access EZO.
What is LDAP/Active Directory?
LDAP or Active Directory Domain Services (AD DS) stores directory data and manages communication between users and domains, including user logon processes, authentication, and directory searches. An LDAP directory is organized in a simple “tree” hierarchy. LDAP is most commonly used in medium to large companies.
1. Why integrate your Active Directory with EZO?
Some of our customers wanted to ‘sync’ their staff database with EZO or wanted to avoid replicating LDAP staff members in EZO. For such cases, we allow an integration with LDAP servers.
Enable LDAP Server Integration from Settings → Integrations → User Provisioning and SSO → LDAP Server Integration (see image below).
2. Whitelisting the IPs on your LDAP server
You may need to whitelist our IP addresses on your LDAP server. To whitelist our IPs on your Directory Server, use the following two IPs:
50.16.201.234
54.221.243.145
3. Configure the Basic Settings
Once enabled, you’ll see a list of settings required to complete the LDAP integration successfully. See image below:
• LDAP Server: The IP address or URL of your company’s Directory Server. (Note: Make sure to fill in the correct IP address to avoid a connection error later.)
• LDAP Server Port: The port on which your directory server listens for requests.
• LDAP Admin Login: This should be the complete ‘dn’ (distinguished name) of the admin user on your company’s directory server who is able to search through all of your directory users.
• LDAP Admin Password: Password of the admin user on your directory server.
• LDAP Login Attribute: The attribute that your users will use to log in to their account. The default value is ‘cn’ (common name), but you can change it to any attribute, e.g. ‘mail’.
• LDAP Encryption Enabled: Select this setting only if your directory server allows secure connections.
Once you’ve filled in all the above settings, click ‘Verify Connection’ to ensure successful integration.
4. Setting up Organizational Units/Departments
Identify the organizational unit (one or more) where your EZO users exist. All users in that organizational unit(s) will have access to EZO, and any user outside the given organizational unit(s) won’t be able to log in. If you have a nested OU structure (e.g. Branding Division being an OU which has two sub-OUs, Marketing and Finance), then all the sub-OUs also need to be listed. In this example, we’ll list 3 OUs: Branding Division, Marketing, and Finance.
Make sure to Save your Settings by scrolling down and hitting the Update button.
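As an added example (not EZO's own code), here is a small check for the OU rule above: a user may log in only if the container that directly holds their entry is one of the listed OUs, so listing a parent OU does not cover its sub-OUs. The DN parser honours backslash-escaped commas, which naive comma splitting gets wrong; the dc=example,dc=com base and the user names are assumptions built on the page's Branding Division example.

```python
# Added example, not EZO's code: does a user's DN sit directly in a listed OU?
# The page's rule is that sub-OUs must be listed individually, so this check
# compares the user's immediate container, not any ancestor, against the list.

def split_dn(dn: str):
    r"""Split a DN into RDNs, honouring backslash-escaped commas (e.g. cn=Doe\, Jane)."""
    parts, cur, esc = [], [], False
    for ch in dn:
        if esc:                      # previous char was a backslash: keep literally
            cur.append(ch)
            esc = False
        elif ch == "\\":
            cur.append(ch)
            esc = True
        elif ch == ",":
            parts.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
    parts.append("".join(cur).strip())
    return parts

def normalize_dn(dn: str) -> str:
    """Canonical form for comparison: lower-case, no whitespace around commas."""
    return ",".join(rdn.lower() for rdn in split_dn(dn))

def parent_container(user_dn: str) -> str:
    """Drop the leading RDN (cn=..., uid=...) to get the OU that holds the entry."""
    return ",".join(split_dn(user_dn)[1:])

def may_log_in(user_dn: str, configured_ous) -> bool:
    """True only if the user's immediate container is one of the configured OUs."""
    allowed = {normalize_dn(ou) for ou in configured_ous}
    return normalize_dn(parent_container(user_dn)) in allowed

# Constructed sample based on the page's Branding Division example; the
# dc=example,dc=com base and the user names are assumptions.
BASE = "dc=example,dc=com"
CONFIGURED = [f"ou=Branding Division,{BASE}", f"ou=Marketing,ou=Branding Division,{BASE}"]
ALICE = f"cn=alice,ou=Marketing,ou=Branding Division,{BASE}"   # listed sub-OU
BOB = f"cn=bob,ou=Finance,ou=Branding Division,{BASE}"         # sub-OU that was not listed
CAROL = f"cn=carol,ou=Branding Division,{BASE}"                # the parent OU itself

if __name__ == "__main__":
    for dn in (ALICE, BOB, CAROL):
        print(dn, "->", "allowed" if may_log_in(dn, CONFIGURED) else "denied")
```

Running it shows alice and carol allowed and bob denied until ou=Finance is added to the list.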
5. Importing/Updating users
Once your LDAP settings are in place, you can import the users from your AD using the ‘Sync with LDAP’ in the Members tab.
You can also sync (update) the EZO members with your LDAP users, using the Update Existing Members option. The sync process can be automated by enabling the ‘auto syncing of users’ setting at Settings → Add Ons → LDAP Server Integration.
Note: A common cause of an unsuccessful import/sync is not having the Last Name and Email attributes configured in your LDAP server. Also look out for invalid users’ email addresses.
6. Advanced Options
Go to Settings → Add Ons → LDAP Server Integration and you’ll see 3 advanced options. These are:
a) Enable auto syncing of users: Check this option to automate sync of EZO members with LDAP users. This sync occurs once every day.
b) Auto Disable suspended LDAP users: If selected, the users suspended in LDAP are automatically disabled in EZO. This ensures that EZO access will automatically be revoked for the users you’ve suspended in LDAP.
c) Provision all new users: If selected, users from your LDAP (selected OUs) will be automatically imported, if they aren’t present in your EZO members’ list.
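To make the sync rules in sections 5, 6 and 11 concrete, here is an added simulation of one sync pass (not EZO's code; the EZO member table is just a dictionary): only First Name, Last Name and Email are written, entries missing Last Name or Email or carrying an invalid address are skipped, new entries are created only when ‘Provision all new users’ is on, and accounts flagged as disabled in the directory are disabled in EZO when ‘Auto Disable suspended LDAP users’ is on. The attribute names givenName, sn, mail and userAccountControl are Active Directory's and are assumed here, and the sample entries are constructed.

```python
# Added example, not EZO's code: one simulated LDAP -> EZO sync pass applying the
# page's rules. Attribute names are Active Directory's (assumed); data is constructed.
import re

ACCOUNTDISABLE = 0x2   # userAccountControl bit that marks an AD account as disabled
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")

def sync(entries, members, provision_new=False, auto_disable=False):
    """Apply one sync pass to `members` (dict keyed by lower-case email) in place
    and return a report of what was created, updated, disabled or skipped."""
    report = {"created": [], "updated": [], "disabled": [], "skipped": []}
    for e in entries:
        cn, first, last, mail = e.get("cn"), e.get("givenName"), e.get("sn"), e.get("mail")
        if not last or not mail:                       # the page's most common failure
            report["skipped"].append((cn, "missing Last Name or Email"))
            continue
        if not EMAIL_RE.match(mail):
            report["skipped"].append((cn, "invalid email address"))
            continue
        key = mail.lower()
        if key not in members:
            if not provision_new:                      # 'Provision all new users' is off
                report["skipped"].append((cn, "not an EZO member and provisioning is off"))
                continue
            members[key] = {"active": True}
            report["created"].append(key)
        else:
            report["updated"].append(key)
        # Only the three synced fields are written; other member data is untouched.
        members[key].update(first_name=first or "", last_name=last, email=mail)
        if auto_disable and int(e.get("userAccountControl", 0)) & ACCOUNTDISABLE:
            members[key]["active"] = False             # 'Auto Disable suspended LDAP users'
            report["disabled"].append(key)
    return report

# Constructed entries: one good, one missing sn, one bad mail, one disabled (512|2), one new to EZO.
SAMPLE_ENTRIES = [
    {"cn": "alice", "givenName": "Alice", "sn": "Ng", "mail": "alice@example.com", "userAccountControl": 512},
    {"cn": "bob", "givenName": "Bob", "mail": "bob@example.com", "userAccountControl": 512},
    {"cn": "carol", "givenName": "Carol", "sn": "Diaz", "mail": "carol@example", "userAccountControl": 512},
    {"cn": "dave", "givenName": "Dave", "sn": "Oduya", "mail": "dave@example.com", "userAccountControl": 514},
    {"cn": "erin", "givenName": "Erin", "sn": "Kim", "mail": "erin@example.com", "userAccountControl": 512},
]
SAMPLE_MEMBERS = {"alice@example.com": {"active": True}, "dave@example.com": {"active": True}}

def run_sample(provision_new=True, auto_disable=True):
    """Run the sample on a fresh copy of the member table; returns (report, members)."""
    members = {k: dict(v) for k, v in SAMPLE_MEMBERS.items()}
    return sync(SAMPLE_ENTRIES, members, provision_new, auto_disable), members
```

Call run_sample() with both options on to see erin created and dave disabled, and run_sample(False, False) to see erin skipped and dave left active.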
7. User Listing/Access Control
If you have User listings enabled, you can map OUs to your User listings e.g. if your Finance Office Intern department is in an OU named ‘foi’, and the corresponding user listing is Restricted, you can map ‘foi’ to ‘Restricted’.
Note: If you have User listings enabled from the Settings, the user listings will then also be updated as per your LDAP settings.
8. LDAP attributes
You can also sync additional attributes if you wish. The default attributes are the ones shown below:
Apart from all these, you can also map custom fields. To do so, select the ‘Enable Custom Fields Mapping in LDAP’ option. You will then see all the custom fields that you have created and can now map, as shown below:
Note: Once you enable custom fields mapping in LDAP, all mandatory custom fields must be mapped. Any member that is being imported from LDAP but has missing values for mandatory fields will not be imported unless the mandatory field has a default value.
9. Enabling logins with Employee ID
You can also sync employee IDs from your Active Directory. In this manner, you can enable users to log in with employee IDs in the place of email addresses.
In order to sync employee IDs, make sure your Active Directory has employee IDs populated in it. Then, map the field corresponding to employee IDs to ‘ID’ in LDAP attributes.
To set employee IDs as the preferred login method, set your LDAP Unique Identifier to ‘ID’ in EZO.
Click on ‘Use Employee ID’ to change the identifier from ‘mail’ to ‘ID’.
10. Email alerts for LDAP syncs
You can also set up alerts to be sent after LDAP users are synced. To do so, go to More → Alerts → Members section and select the ‘LDAP Users Sync’ option.
This email is only sent to the account owner, admins, and supervisors. You can also send alerts as part of the daily digest. If you click on ‘Sample View’, it shows you the email that will be sent in the alert.
11. What information is synced when LDAP sync takes place?
Only three fields are synced: First Name, Last Name, and the email.
12. Provisioning users as they access EZO
If you don’t import or sync members as detailed above, they’ll be created in EZO and synced when they first access it.
13. Sign In experience
Your users can use their LDAP credentials on your Log In screen. If you’d like to remove the ‘Login with Google’ and ‘Login with Windows’ options, you can do so from Settings → Company Settings → Authentication.
Note: User provisioning via multiple sources is not possible at the moment.
Troubleshooting
I have forgotten my password and can’t seem to reset it through EZO. Please help
We don’t have the ability to reset the password through the EZO app for users who are synced through SAML or LDAP. Since this user is synced through LDAP, they will need to reset their password in LDAP and then try to log in with that password.
For more assistance, drop us an email at support@ezo.io