LDAP stands for Lightweight Directory Access Protocol, and it integrates directory data from a centrally hosted database. The two main actions are bind and search. Both help applications connect to LDAP. Bind is used to authenticate access to the database and can be done for individual users or through a generic binder account. Search is a customizable way to get the directory data for users and groups.
RADIUS is a protocol commonly used for authenticating users onto a local network or VPN. Usually, users log into a Wi-Fi® network using a shared password. With RADIUS, they log into the network using an individual username and password. Additionally, RADIUS can send custom response attributes for each user to segment them on a particular sub-network.
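The per-user response attributes described above, shown as an added example (not Foxpass code): a RADIUS Access-Accept that carries VLAN assignment attributes, plus the client-side check that the reply is authentic before those attributes are trusted. It goes beyond the text by assuming that "sub-network" means a VLAN assigned with the RFC 3580 tunnel attributes and by computing the RFC 2865 Response Authenticator. The user-to-VLAN map, shared secret and function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

ACCESS_ACCEPT = 2
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
VLAN, IEEE_802 = 13, 6

# Constructed sample data (assumption): which VLAN each user lands on.
USER_VLAN = {"alice": "20", "bob": "30"}
SHARED_SECRET = b"constructed-shared-secret"

def attr(attr_type: int, value: bytes) -> bytes:
    """Encode one attribute as Type, Length, Value (RFC 2865 section 5)."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def vlan_attributes(vlan_id: str) -> bytes:
    """Reply attributes that place a session on a VLAN (RFC 3580)."""
    return (
        attr(TUNNEL_TYPE, struct.pack("!I", VLAN))  # tag 0x00 + 24-bit value
        + attr(TUNNEL_MEDIUM_TYPE, struct.pack("!I", IEEE_802))
        + attr(TUNNEL_PRIVATE_GROUP_ID, vlan_id.encode("ascii"))
    )

def build_access_accept(ident: int, request_auth: bytes, attrs: bytes, secret: bytes) -> bytes:
    """Server side: header + MD5(header + RequestAuth + attrs + secret) + attrs."""
    header = struct.pack("!BBH", ACCESS_ACCEPT, ident, 20 + len(attrs))
    response_auth = hashlib.md5(header + request_auth + attrs + secret).digest()
    return header + response_auth + attrs

def verify_response(packet: bytes, request_auth: bytes, secret: bytes) -> bool:
    """Client side: recompute the Response Authenticator before using any attribute."""
    if len(packet) < 20 or struct.unpack("!H", packet[2:4])[0] != len(packet):
        return False
    expected = hashlib.md5(packet[:4] + request_auth + packet[20:] + secret).digest()
    return hmac.compare_digest(expected, packet[4:20])

def parse_attributes(packet: bytes) -> dict:
    """Split the attribute area into {type: value}; reject malformed lengths."""
    attrs, pos = {}, 20
    while pos < len(packet):
        length = packet[pos + 1] if pos + 1 < len(packet) else 0
        if length < 2 or pos + length > len(packet):
            raise ValueError("malformed RADIUS attribute")
        attrs[packet[pos]] = packet[pos + 2:pos + length]
        pos += length
    return attrs
```

A reply whose attributes were altered in transit, or that was built with a different shared secret, fails `verify_response`, so the VLAN it names should be ignored.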
Foxpass has multiple integrations for third-party directories. Generally, Foxpass uses Google Workspace or Office 365 as its base directory because these sources are the central source of truth for user validity.
Additionally, we can set up ongoing syncs between those directories from Okta or OneLogin. This sync imports all user and group directory information from the third party into Foxpass on an ongoing basis. Syncing also automatically adds and disables users and controls group membership.
Finally, Foxpass can delegate authentication to these same sources as well as custom backends. This way, when a user tries to authenticate to Foxpass via LDAP, RADIUS, or our API, we pass the authentication request back to the delegated directory. Thus, Foxpass essentially acts as a proxy for your primary authentication source.
Absolutely! For instance, we can help extend your LDAP server to support RADIUS logins. That being said, you can get the most value by consolidating your directory information with Foxpass, assured that your data will always be available and easy to manage.
We don't, but we highly recommend it. That way, you can ensure that if a user's Foxpass password is compromised, the attacker cannot log into the account to change it and lock the user out. Additionally, using Google Workspace or Office 365 to sign in makes it easy for users to self-service any SSH key uploads or password changes.
We try to be as flexible as possible with our servers to connect to more and more applications. Just check the left-hand sidebar to see if we listed the application, operating system, or hardware. Even if it's not there, you may be able to follow generalized instructions to get things up and running. If you still need help, email us at [email protected] or click the blue Intercom button in the bottom right-hand corner to live chat with us.
Foxpass has three types of users: Standard, Posix, and Engineer. Standard users have basic access to all LDAP, RADIUS, and API authentication. Posix users are the same as Standard users but have extra POSIX information for LDAP requests. Some systems, like macOS logins or Linux machines, sometimes require POSIX information. Lastly, Engineer users can manage SSH keys in Foxpass and use them to log into servers. Engineer users also have POSIX information associated with their accounts.
First, double-check the instructions to make sure everything is configured correctly. Then, check our LDAP or RADIUS logs to ensure that your requests are hitting our servers. If they are, then make sure you're using the correct password. If the logs say that we're checking a local password, that means we're checking the password set in Foxpass. Otherwise, the logs will say which directory we're delegating to.
Updated over 1 year ago