This feature describes how to configure accelQ to connect with your enterprise LDAP for authentication. By default, accelQ uses an OAuth based native authentication mechanism. If you need to override this with your own LDAP implementation, read through this article.
LDAP configuration is setup at a tenant level. It is important to note that, even when you configure LDAP for your tenant, accelQ continues to allow either form of authentication for the users on the tenant. This is helpful in situations where the enterprise may have a mix of external resources (without LDAP entry) who may need access to the accelQ instance.
Once you configure LDAP settings on accelQ, you can make a decision on authentication type at a user level. When you create a new user, decide if a particular user will be an LDAP authenticated user or accelQ authenticated. You can also switch a user's authentication from LDAP to accelQ and vice-versa, as needed.
To configure LDAP, you need tenant admin privileges.
- Login to accelQ as a tenant admin and open the Configuration modal.
- Click on LDAP Configuration in the left nav.
- Enable LDAP configuration and provide necessary LDAP config info.
You can test the connection to LDAP while configuring, to make sure the connection information is valid and that the accelQ server is able to establish communication.
Note: When you enable LDAP authentication, existing users will continue to point to accelQ native authentication. You can switch these users to LDAP auth by following the steps in the next section.
Switching authentication mode for a user
To switch a user from LDAP to accelQ auth or vice versa,
- Login as tenant administrator and open Configuration modal
- Navigate to Manage Users
- Click on the ellipsis menu of the required user and select Edit Profile
- Select the authentication type in the User Profile form.
If you are switching from accelQ to LDAP authentication, furnish the LDAP user name for this user.
Note: For an LDAP authenticated user, either the LDAP user ID or the account email address can be used for logging in. Password will be same as LDAP password.
If you are switching a user from LDAP authentication to accelQ authentication, user will be required to set their password by following Forgot Password process (from the login page of accelQ)
User Creation and Password Management
Note that even with LDAP configured, it is required that you create the user on accelQ and assign a subscription license. While you do so, you can choose between LDAP auth and accelQ authentication.
Also, for an LDAP authenticated user, password management is external to accelQ. Follow your usual enterprise password management process.