While MindTouch supports integration with Lightweight Directory Access Protocol (LDAP) and Active Directory (AD) through our Support team, we highly recommend using a SAML implementation instead. SAML implementations provide advanced functionality including group syncing and a true single sign-on (SSO) experience.
How does the AD/LDAP integration work?
Once configured, the AD/LDAP integration allows users to log in to your MindTouch instance with their AD/LDAP credentials, and a MindTouch account is created for them automatically on first login. The integration also supports group synchronization: you specify which directory groups should exist in MindTouch, and the users' membership in those groups is mirrored from the directory. Permissions are attached to those groups on the MindTouch side, so the directory controls who is in a group and MindTouch controls what the group may do.
How do I put the AD/LDAP integration in place?
When you become a MindTouch customer you'll need to provide the following information to the MindTouch Support team so that they can add the configuration to your MindTouch instance:
In addition, provide the following information as it applies to your AD/LDAP environment:
- The port on which AD/LDAP is listening, if it is not the standard one
- Whether the connection must use LDAP over SSL/TLS (LDAPS) rather than plain LDAP
- Credentials for a bind (service) account if your AD/LDAP server does not allow anonymous querying
- Any additional parameters that pertain to configuring your system
Whitelist the MindTouch LDAP hostname
Whitelist the following hostname in your firewall so that your AD/LDAP server accepts inbound requests only from MindTouch and not from the Internet at large:
When does LDAP synchronize user information?
Direct LDAP synchronization happens per user, at login: each time a user logs in through AD/LDAP, that user's record and group memberships are checked against the directory and re-synchronized. Users who are not actively using MindTouch generate no updates. The corollary is that a change made in AD/LDAP, such as removing a user from a synchronized group, is not reflected in MindTouch until that user next logs in through AD/LDAP; logins by other users do not refresh that account.
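To make the per-login model concrete, here is an added example written for this page; it is not MindTouch code. The in-memory directory, the group mapping (GROUP_MAP), the sample accounts and the local user store are all assumptions chosen for illustration. It shows that a login refreshes only the logging-in user's email and mapped groups, that local groups outside the mapping are left alone, and that a directory change to one user is not picked up until that user logs in again.

```python
"""Model of per-user, on-login AD/LDAP synchronization.

Added example, not MindTouch code. Group DNs, attribute names, sample
accounts and the store layout are assumptions for illustration only.
"""
import copy
import hmac
from dataclasses import dataclass, field

# Assumed mapping: directory group DN -> MindTouch group name. Only these
# groups are synchronized; any other directory group is ignored.
EDITORS_DN = "cn=docs-editors,ou=groups,dc=example,dc=com"
ADMINS_DN = "cn=docs-admins,ou=groups,dc=example,dc=com"
GROUP_MAP = {EDITORS_DN: "Editors", ADMINS_DN: "Admins"}

# Constructed directory entries standing in for what a bind plus a search
# for the user's entry would return from a real AD/LDAP server.
DIRECTORY = {
    "alice": {
        "password": "s3cret",
        "mail": "alice@example.com",
        "memberOf": [EDITORS_DN, "cn=vpn-users,ou=groups,dc=example,dc=com"],
    },
    "bob": {
        "password": "hunter2",
        "mail": "bob@example.com",
        "memberOf": [ADMINS_DN],
    },
}


@dataclass
class LocalUser:
    """A MindTouch-side account record (assumed shape)."""
    username: str
    email: str
    groups: set = field(default_factory=set)


def directory_authenticate(directory, username, password):
    """Stand-in for an LDAP bind: return the user's entry or None."""
    entry = directory.get(username)
    if entry is None or not hmac.compare_digest(entry["password"], password):
        return None
    return entry


def sync_on_login(store, directory, username, password):
    """Authenticate against the directory, then refresh only this user.

    Returns the group changes applied, which is what you would want to
    log for auditing. Raises PermissionError on a failed bind.
    """
    entry = directory_authenticate(directory, username, password)
    if entry is None:
        raise PermissionError("directory rejected credentials for %s" % username)

    user = store.get(username)
    if user is None:
        # First successful login creates the local account.
        user = LocalUser(username=username, email=entry["mail"])
        store[username] = user
    user.email = entry["mail"]

    before = set(user.groups)
    mirrored = {GROUP_MAP[dn] for dn in entry.get("memberOf", []) if dn in GROUP_MAP}
    managed = set(GROUP_MAP.values())
    # Directory-managed groups are recomputed from scratch; groups granted
    # locally and not in the mapping are left untouched.
    user.groups = (user.groups - managed) | mirrored
    return {"added": sorted(user.groups - before),
            "removed": sorted(before - user.groups)}


def demo():
    """Run the scenario on a private copy of the directory and report results."""
    directory = copy.deepcopy(DIRECTORY)
    # Bob already has a locally granted group and a stale email address.
    store = {"bob": LocalUser("bob", "old@example.com", {"Reviewers"})}

    first = sync_on_login(store, directory, "alice", "s3cret")
    # A directory admin now removes alice from docs-editors...
    directory["alice"]["memberOf"].remove(EDITORS_DN)
    # ...but only bob logs in, so alice's MindTouch record is unchanged.
    sync_on_login(store, directory, "bob", "hunter2")
    stale = sorted(store["alice"].groups)
    # Alice's own next login is what applies the removal.
    second = sync_on_login(store, directory, "alice", "s3cret")
    return {
        "first": first,
        "stale": stale,
        "second": second,
        "final": sorted(store["alice"].groups),
        "bob_groups": sorted(store["bob"].groups),
        "bob_email": store["bob"].email,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The "stale" value is the operational point: until alice logs in again she keeps the Editors permissions that the directory has already revoked, so removing access in AD/LDAP alone is not an immediate revocation in MindTouch.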