The Foxpass Developer Hub

Welcome to the Foxpass developer hub. You'll find comprehensive guides and documentation to help you start working with Foxpass as quickly as possible, as well as support if you get stuck.

Get Started    API Reference

OpenVPN AS via LDAP

OpenVPN AS authentication with LDAP, powered by Foxpass.

Here's how to set up OpenVPN AS authentication with LDAP, powered by Foxpass.

First, log into Foxpass and do the following:

  1. Note your Base DN on the dashboard page. Copy/paste it somewhere.
  2. Create an LDAP Binder account with the name 'openvpn' on the LDAP binders page. Copy/paste the generated password! It is only displayed once.

OpenVPN AS LDAP configuration:

  • Primary Server: ldap.foxpass.com
  • Secondary Server: (leave blank)
  • Enable "Use SSL to connect to LDAP servers"
  • Credentials for initial bind: "Use these credentials"
  • Bind DN: cn=openvpn,[ your base dn ] (i.e. cn=openvpn,dc=example,dc=com)
  • Password: [ binder password from above ]
  • Base DN for User Entries: ou=people,[ your base dn ] (i.e. ou=people,dc=example,dc=com)
  • Username Attribute: uid
  • OPTIONAL: To limit access to a certain group, set Additional LDAP Requirement to memberOf=cn=[ group name ],ou=groups,[ your base dn ] (i.e. memberOf=cn=vpn,ou=groups,dc=example,dc=com)
  • OPTIONAL, but highly recommended: Configure OpenVPN to use two-factor authentication using Google Authenticator.
  • OPTIONAL, but highly recommended if you have MFA enabled in Foxpass or your delegated authentication method: Increase the timeout that OpenVPN waits for a response from the LDAP server. This is important because it can take some time for a user to respond to an MFA push notification. We recommend increasing the timeout to something long enough for the user to respond to the push notification, like 60 seconds. You can increase the timeout default of 4 seconds by running these commands:
./sacli --key "auth.ldap.0.timeout" --value <SECONDS> ConfigPut
./sacli start

Users will log-in with their username (i.e. 'bob', not 'bob@example.com') and their "Foxpass" password. If they haven't set a "Foxpass" password, please direct them to this page to set one.

OpenVPN AS via LDAP


OpenVPN AS authentication with LDAP, powered by Foxpass.

Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.