LDAP is a protocol for applications to integrate directory data from a centrally hosted database. The two main actions for applications that connect to LDAP are bind and search. Bind is used to authenticate access to the database and can be done for individual users or through a generic binder account. Search is a customizable way to get the directory data for users and/or groups.
RADIUS is a protocol commonly used for authenticating users onto a local network or VPN. Normally, users log into a Wi-Fi network using a shared password. With RADIUS, they log into the network using an individual username and password. Additionally, RADIUS can send custom response attributes for each user to segment them on a particular sub-network.
Foxpass has multiple integrations for third party directories. Generally, Foxpass uses Google Workspace or Office 365 as its base directory. This means that we treat Google Workspace or Office 365 as the central source of truth for user validity.
Additionally, we can set up an ongoing sync between those directories, or ones from Okta, or OneLogin. This sync imports all user and group directory information from the third party into Foxpass on an ongoing basis. This will automatically add/disable users and control group membership.
Finally, Foxpass can delegate authentication to these same sources as well as custom backends. This way, when a user tries to authenticate to Foxpass via LDAP, RADIUS, or our API, we pass the authentication request back to the delegated directory. Foxpass essentially acts as a proxy for your main authentication source.
Absolutely! For instance, we can help extend your LDAP server to support RADIUS logins. That being said, we think you can get the most value out of Foxpass by consolidating your directory information with us, ensuring that your data will always be available and easy to manage.
We don't, but we highly recommend it. That way you can ensure that if a user's Foxpass password is compromised, the attacker cannot log into the account to change it and lock the user out. Additionally, using Google Workspace or Office 365 to sign in makes it easy for users to self-service any SSH key uploads or password changes.
We try to be as flexible as possible with our servers so as many applications as possible can connect to us. Just check the left-hand sidebar to see if your application, operating system, or hardware is documented. Even if it's not listed, you may be able to follow generalized instructions to get things up and running. If you still need help, just email us at [email protected] or click the blue Intercom button in the bottom right-hand corner to live chat with us.
Foxpass has 3 types of users: Standard, Posix, and Engineer. Standard users have basic access to all LDAP, RADIUS, and API authentication. Posix users are the same as Standard users, but have extra POSIX information associated with them for LDAP requests. This is required for some systems like Mac OSX logins or Linux machines. Engineer users have the ability to manage SSH keys in Foxpass and use them to log into servers. They also have POSIX information associated with their account.
First, double check the instructions to make sure everything is configured correctly. Then, check our LDAP or RADIUS logs to make sure that your requests are actually hitting our servers. If they are, then make sure you're using the correct password. If the logs say that we're checking a local password, that means we're checking the password set in Foxpass. Otherwise, we'll say what directory we're delegating to.