Sync With LDAP

This document provides a step-by-step guide on how to synchronize an LDAP directory with Foxpass. The synchronization process ensures seamless user provisioning, de-provisioning, and group membership management within Foxpass, reflecting the changes made in the LDAP directory.

Prerequisites

  • LDAP server details: Address, bind DN, bind password.
  • Base DN for searching users and groups in LDAP.

Steps

  • Go to the Sync page of Foxpass.
  • Click on the dropdown next to 'Select synchronization provider' and select 'LDAP'.
Choose 'LDAP'

  • To sync users, select 'Yes' for 'User Sync: Automatically synchronize users with LDAP?'.
LDAP user sync

  • Enter your LDAP URI, Base DN, bind user, and bind password. The other fields are optional; fill them in as your use case requires. Choose 'OpenLDAP' or 'Active Directory' for 'LDAP Protocol' according to your directory type.

  • Click 'Save'.

    Enter LDAP details

  • Click the 'Sync Now' button. You will see a confirmation dialog.

Click 'Sync Now'

  • Click 'Ok'.
  • Check sync status under 'LDAP sync info'.
  • Now, you can see synced users on the Users page.

Sample Users page with synced users from LDAP

  • To sync groups, select 'Yes' from the dropdown for the 'Group Sync' option, authorize the account for group sync, and then click the 'Sync Now' button. The LDAP groups will be synced to Foxpass and can be seen on the Groups page.

Synced Groups from LDAP

Optional: Enable Allowed Users list via Group Membership

If you have group sync enabled, you can add an allowed users list from specific groups. This is useful for organizations that only want a subset of their directory to have access to Foxpass. Once group sync is enabled, you'll see a field to mark any groups allowed to be synced. During the group sync process, any users that are not a member of one of those groups are automatically marked as "inactive."

Enable Allowed Users list

Optional: Enable Non Allowed Users list via Group Membership

If you have group sync enabled, you can have a list of non-allowed users that belong to specific groups. This is useful for organizations that have a large number of machine or role accounts that don't need access to Foxpass. Once group sync is enabled, you'll see a field to mark any groups to be ignored from syncing. During the group sync process, any users that are a member of one of those groups are automatically marked as "inactive."

Enable Non Allowed Users
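
Before turning on the allowed or non-allowed group options described in the two sections above, it is worth previewing which accounts the group sync would mark inactive. The following is an added example, not Foxpass code: it reads a constructed LDIF export (the sample data is made up) and applies the two rules from these sections; that a non-allowed (ignored) group overrides an allowed group is an assumption, since the page does not state the precedence.

```python
# Constructed sample directory export (not from a real server).
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=com
uid: alice

dn: uid=bob,ou=people,dc=example,dc=com
uid: bob

dn: uid=svc-backup,ou=people,dc=example,dc=com
uid: svc-backup

dn: cn=engineering,ou=groups,dc=example,dc=com
cn: engineering
member: uid=alice,ou=people,dc=example,dc=com
member: uid=svc-backup,ou=people,dc=example,dc=com

dn: cn=service-accounts,ou=groups,dc=example,dc=com
cn: service-accounts
member: uid=svc-backup,ou=people,dc=example,dc=com
"""

def parse_ldif(text):
    """Return {dn: {attr: [values]}}; assumes unfolded, single-line attributes."""
    entries, current = {}, None
    for line in text.splitlines():
        if not line.strip():  # a blank line terminates the current entry
            current = None
            continue
        attr, _, value = line.partition(": ")
        if attr == "dn":
            current = entries.setdefault(value, {})
        elif current is not None:
            current.setdefault(attr, []).append(value)
    return entries

def preview_sync(ldif_text, allowed_groups=(), ignored_groups=()):
    """Map uid -> 'active'/'inactive' under the allowed and non-allowed group rules.
    Assumption (not documented by Foxpass): an ignored group overrides an allowed one."""
    entries = parse_ldif(ldif_text)
    members = {e["cn"][0]: set(e.get("member", [])) for e in entries.values() if "cn" in e}
    allowed = set().union(*(members.get(g, set()) for g in allowed_groups))
    ignored = set().union(*(members.get(g, set()) for g in ignored_groups))
    status = {}
    for dn, e in entries.items():
        if "uid" in e:  # only user entries receive a status
            active = (not allowed_groups or dn in allowed) and dn not in ignored
            status[e["uid"][0]] = "active" if active else "inactive"
    return status
```

With no allowed groups configured every user stays active, which is why bob only becomes inactive once an allowed list is set.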

Optional: Configure subdomains

Foxpass allows you to sync usernames with LDAP and includes an option to edit subdomains. Click the 'Edit Subdomains' button and specify subdomains, or use wildcard subdomains (e.g., *.domain.com). Foxpass will include users from these subdomains, ensuring comprehensive user synchronization across your organization.

Configure subdomains