EZOfficeInventory also integrates with your LDAP (Lightweight Directory Access Protocol) or Active Directory servers. Users in your organization can use their LDAP credentials to access EZOfficeInventory.
What is LDAP/Active Directory?
LDAP or Active Directory Domain Services (AD DS) stores directory data and manages communication between users and domains, including user logon processes, authentication, and directory searches. An LDAP directory is organized in a simple “tree” hierarchy. LDAP is most commonly used in medium to large companies.
1. Why integrate your Active Directory with EZOfficeInventory?
Some of our customers wanted to ‘sync’ their staff database with EZOfficeInventory or wanted to avoid replicating LDAP staff members in EZOfficeInventory. For such cases, we allow an integration with LDAP servers.
Enable LDAP Server Integration from Settings → Integrations → User Provisioning and SSO → LDAP Server Integration (see image below).
2. Whitelisting the IPs on your LDAP server
You may need to whitelist our IP addresses on your LDAP server. To whitelist our IPs on your Directory Server, use the following two IPs:
50.16.201.234
54.221.243.145
3. Configure the Basic Settings
Once enabled, you’ll see a list of settings required to complete the LDAP integration successfully. See image below:
– LDAP Server: The IP address or URL of your company’s Directory Server. (Note: Make sure to fill in the correct IP address to avoid a connection error later).
– LDAP Server Port: The port on which your directory server listens to requests.
– LDAP Admin Login: This should be the complete ‘dn’ (domain component) of the admin user on your company’s directory server who is able to search through all of your directory users.
– LDAP Admin Password: Password of the admin user on your directory server.
– LDAP Login Attribute: The attribute that your users will use to login to their account. The default value is ‘cn’ (common name) but you can change it to any attribute e.g. ‘mail’.
– LDAP Encryption Enabled: Select this setting only if your directory server allows secure connections.
Once you’ve filled all the above settings, click ‘Verify Connection’ to ensure successful integration.
4. Setting up Organizational Units/Departments
Identify the organizational unit (one or more) where your EZOfficeInventory users exist. All users in that organizational unit(s) will have access to EZOfficeInventory, and any user outside the given organizational unit(s) won’t be able to log in. If you have a nested OU structure (e.g. Branding Division being an OU, which has two sub-OUs Marketing and Finance) then all the sub-OUs also need to be listed. In this example, we’ll list 3 OUs; Branding Division, Marketing, and Finance.
Make sure to Save your Settings by scrolling down and hitting the Update button.
5. Importing/Updating users
Once your LDAP settings are in place, you can import the users from your AD using the ‘Sync with LDAP’ in the Members tab.
You can also sync (update) the EZOfficeInventory members with your LDAP users, using the Update Existing Members option. The sync process can be automated by enabling the ‘auto syncing of users’ setting at Settings → Add Ons → LDAP Server Integration.
Note: A common issue for an unsuccessful import/sync process is not having Last Name and Email attributes configured in your LDAP server. Also look out for invalid users’ email addresses.
6. Advanced Options
Go to → Settings → Add Ons → LDAP Server Integration and you’ll see 3 advanced options. These are:
a) Enable auto syncing of users: Check this option to automate sync of EZOfficeInventory members with LDAP users. This sync occurs once every day.
b) Auto Disable suspended LDAP users: If selected, the users suspended in LDAP are automatically disabled in EZOfficeInventory. This ensures that EZOfficeInventory access will automatically be revoked for the users you’ve suspended in LDAP.
c) Provision all new users: If selected, users from your LDAP (selected OUs) will be automatically imported, if they aren’t present in your EZOfficeInventory members’ list.
7. User Listing/Access Control
If you have User listings enabled, you can map OUs to your User listings e.g. if your Finance Office Intern department is in an OU named ‘foi’, and the corresponding user listing is Restricted, you can map ‘foi’ to ‘Restricted’.
Note: If you have User listings enabled from the Settings, the user listings will then also be updated as per your LDAP settings.
8. LDAP attributes
You can also sync additional attributes if you wish. The default attributes are the ones shown below:
Apart from all these, you can also map custom fields. To do so, select the ‘Enable Custom Fields Mapping in LDAP’ option. You will then see all the custom fields that you have created and can now map, as shown below:
Note: Once you enable custom fields mapping in LDAP, all mandatory custom fields must be mapped. Any member that is being imported from LDAP but has missing values for mandatory fields will not be imported unless the mandatory field has a default value.
9. Enabling logins with Employee ID
You can also sync employee IDs from your Active Directory. In this manner, you can enable users to log in with employee IDs in the place of email addresses.
In order to sync employee IDs, make sure your Active Directory has employee IDs populated in it. Then, map the field corresponding to employee IDs to ‘ID’ in LDAP attributes.
To set employee IDs as the preferred logging in method, set your LDAP Unique Identifier to ‘ID’ in EZOfficeInventory.
Click on ‘Use Employee ID’ to change the identifier from ‘mail’ to ‘ID’.
10. Email alerts for LDAP syncs
You can also set up alerts to be sent after LDAP users are synced. To do so, go to More → Alerts → Members sectionand select the ‘LDAP Users Sync’ option.
This email is only sent to the account owner, admins, and supervisors. You can also send alerts as part of the daily digest. If you click on ‘Sample View’, it shows you the email that will be sent in the alert.
11. What information is synced when LDAP sync takes place?
Only three fields are synced – First Name, Last Name, and the email.
12. Provisioning users as they access EZOfficeInventory
If you don’t import or sync members as detailed above, they’ll be created in EZOfficeInventory and synced as they access.
13. Sign In experience
Your users can use their LDAP Credentials on your Log In screen. If you’d like to remove the ‘Login with Google’ and ‘Login with Windows’ options, you can do so from Settings → Company Settings → Authentication.
Note: User provisioning via multiple sources is not possible at the moment.
For more assistance, drop us an email at support@ezo.io