NOTE: If your WorkBook is hosted by WorkBook Software this page is irrelevant.
Introduction
LDAP (Lightweight Directory Access Protocol) allows your users to log in using their LDAP/Active Directory credentials instead of having separate credentials for WorkBook.
When LDAP is enabled for a WorkBook user, some functions are disabled:
- Password changes – you cannot change your password from inside WorkBook when using LDAP.
- Forgot password – as we cannot change your password, the forgot password function is disabled.
- Two Factor Authentication is disabled when using LDAP.
Requirements
- An LDAP-compatible server that allows bind requests.
  - This could be Active Directory.
- On-Premises Installation
  - WorkBook needs a direct connection to the LDAP Server.
    It is recommended that the LDAP Server and WorkBook are at the same location.
Configurations
There are two steps to configuring LDAP in WorkBook: first the general configuration controlling how LDAP functions, and then the configuration of the individual users.
Enabling LDAP
The first step is to set the server used for authenticating against LDAP: set system variable 845 (LDAPServerName) to the name of your server.
If you are using Active Directory, entering the domain name is enough, for example: contoso.mstsc
Secondly, you need to enable system variable 844 (AllowLDAPAuthentication). This displays the various LDAP-related fields across WorkBook.
Log out and back in after you have enabled the system variable, or certain required fields won't be visible.
Enabling LDAP Login on a user
Opening Employee settings after enabling LDAP shows a small checkbox “Is LDAP User”. If you check this checkbox, LDAP login is enabled for the user.
By default your login username is used for LDAP authentication, but you can override this behavior by defining a “Domain log-in name”. (Only applies from version 8.3.6)
Notes
When WorkBook attempts to authenticate against an LDAP directory, we simply “Bind” to the LDAP server using the user credentials.
Microsoft Windows Active Directory tries multiple different username formats before rejecting a bind request; you can see this list here.
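
What the “Bind” described in these notes looks like on the wire, as an added example that is not WorkBook code: it encodes an LDAPv3 simple BindRequest (RFC 4511) and reads the result code from a BindResponse. The user name, password and response bytes are constructed sample values. The request carries the password verbatim, which is why the connection to the LDAP server should be protected, and an empty password is a different bind type under RFC 4513 that has to be rejected before binding.

```python
# Added example (not WorkBook code): what an LDAP simple bind puts on the wire.
# User name, password and response bytes are constructed sample values.

def _tlv(tag: int, value: bytes) -> bytes:
    """BER tag-length-value, definite length (short or long form)."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + value

def _read(buf: bytes, pos: int):
    """Return (tag, value, next_pos) for the TLV starting at pos."""
    tag, n = buf[pos], buf[pos + 1]
    pos += 2
    if n & 0x80:
        k = n & 0x7F
        n = int.from_bytes(buf[pos:pos + k], "big")
        pos += k
    return tag, buf[pos:pos + n], pos + n

def classify_bind(name: str, password: str) -> str:
    """Bind kinds defined in RFC 4513 section 5.1."""
    if password:
        return "name/password"
    return "unauthenticated" if name else "anonymous"

def simple_bind_request(message_id: int, name: str, password: str) -> bytes:
    """Encode an LDAPv3 simple BindRequest (RFC 4511 section 4.2)."""
    if classify_bind(name, password) != "name/password":
        # An empty password proves nothing about the user: reject it locally.
        raise ValueError("empty password: refusing to bind")
    if not 0 < message_id < 128:
        raise ValueError("this encoder handles one-byte message IDs only")
    op = _tlv(0x60, _tlv(0x02, b"\x03")              # version 3
              + _tlv(0x04, name.encode("utf-8"))       # bind name
              + _tlv(0x80, password.encode("utf-8")))  # simple [0]: cleartext
    return _tlv(0x30, _tlv(0x02, bytes([message_id])) + op)

def bind_result_code(response: bytes) -> int:
    """resultCode of a BindResponse (0 = success, 49 = invalidCredentials)."""
    _, msg, _ = _read(response, 0)        # LDAPMessage SEQUENCE
    _, _, pos = _read(msg, 0)             # messageID
    tag, op, _ = _read(msg, pos)          # protocolOp
    if tag != 0x61:                       # [APPLICATION 1] BindResponse
        raise ValueError("not a BindResponse")
    return int.from_bytes(_read(op, 0)[1], "big")

SAMPLE_SUCCESS = bytes.fromhex("300c02010161070a010004000400")  # constructed
SAMPLE_INVALID = bytes.fromhex("300c02010161070a013104000400")  # constructed
```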