

Directory Services


Connect & integrate your organization directories and authenticate your users in your web-applications with SLX Connect directory services.

Directory Integration Solution

Directory Integration allows organizations to connect their existing directories and authenticate users in their cloud and on-premise applications. Active Directory (AD)/LDAP integration is the most convenient option for directory services: you can easily integrate your Active Directory into the SLX Connect user stores. SLX Connect's identity management features offer easy user provisioning and deprovisioning for external directories (Active Directory (AD), ADFS, Azure AD, OpenLDAP, Google, AWS Cognito, etc.).



FEATURES



Single Sign On For Directory Authenticated Apps

Seamlessly SSO into all your directory authenticated apps without the need to re-enter the credentials in each app


Just In Time User Provisioning

User gets created automatically in SLX connect directory during authentication


Auto-assign Groups

Automatically assign groups to users based on their profile attribute values


Self Service Password Reset

When a user changes their password using SLX connect IdP, the password change gets synchronized with the Active Directory


Real-time Provisioning

User provisioning and deprovisioning can be done in real-time and the changes are directly reflected in the external directories


Integrated Windows Single Sign-On (IWA)

SLX connect IWA solution lets you Single Sign On into connected applications on Windows, given the applications are configured within the domain for SSO


We can connect with any External IDP/Directory


SLX Connect provides user authentication from external directories like ADFS, Microsoft Active Directory, Azure AD, OpenLDAP, Google, AWS Cognito etc. It also provides user authentication with other IDPs like Shibboleth, PING, Okta, OneLogin, KeyCloak and many more.




Microsoft AD

Azure AD

SLX connect IDP

ADFS

Google

Shibboleth

PING

Okta

AWS Cognito

KeyCloak

OneLogin

Centrify

BENEFITS


Easy Management

Using the SLX Connect platform, the admin can add multiple Active Directories and use them as user stores, removing the need to manage directories in separate places.

Centralized App Management

Administrators can automatically provision and administrate multiple application accounts from one centralized system

Enhanced Security

Improve security by assigning different permission levels based on role, with automatic provisioning within apps.

Faster Deployment

Each organization has a single domain on which shared account database solutions have to be deployed only once. This makes company-wide deployment faster.

Directory Integration


SLX Connect provides user authentication from external directories like Active Directory, LDAP, OpenDS, etc. We have simple and easy directory integration solutions for both cloud and on-premise applications. This on-demand integration service allows user authentication, user provisioning, de-provisioning and reporting of application usage. An important part of this service is that SLX Connect's directory integration is easy to set up. In addition, SLX Connect supports thousands of applications and provides an SSO mechanism for the users present in the integrated directory.

Active Directory Flow



Active Directory Workflow:

1. The user sends a request to access a resource from the application.

2. The application sends an authentication request to SLX Connect.

3. SLX Connect forwards the authentication request to Active Directory via the SLX Connect Gateway.

4. Active Directory sends the response to the application through SLX Connect. This response contains the user's information as well as the authentication status, based on which the user is given access to the resource.

5. Upon successful authentication, the user is given access to the resource.



Pre-Configured Directories






Allow your users to authenticate against various LDAP implementations like Microsoft Active Directory, OpenLDAP, and other directory systems and provide a login to any of your applications using credentials stored in your LDAP Server.





Connect with your AWS Cognito User Pool and Identity pool to provide authentication, authorization and user management for your web and mobile applications.




Configure your ConnectWise CRM with SLX connect users to Single Sign On into your web and mobile applications.




Connect your existing MySQL, Microsoft SQL, PostgreSQL and other databases with SLX Connect and allow your users to perform Single Sign-On without moving them into SLX Connect.







Authenticate with any HRM portal or any application that supports authentication via APIs.




Provide user authentication and authorization by using RADIUS which verifies user's information (like username and password) by using various authentication schemes like PAP, CHAP, MS-CHAP, MS-CHAPv2 etc. and allows the request to access the system or service.






SLX Connect Identity Server will act as an Identity Provider that connects multiple service providers with existing user stores for authentication. If you want to connect with any other third party database/directory contact us for integration.








To connect your application with Active directory, you need to perform these steps:


1. Connect your Active Directory to SLX Connect.

2. Connect SLX connect to your application using SLX Connect Broker Service.


1. How to connect an Active Directory to your application using SLX Connect?

  • Log in with your SLX Connect account.
  • Navigate to User Stores menu option and click on Add User Store button.




  • Navigate to AD/LDAP tab and choose either of the following two options:
    • STORE LDAP CONFIGURATION IN SLX Connect: Choose this option if you want to keep your configuration in SLX Connect. If Active Directory is behind a firewall, you will need to open the firewall to allow incoming requests to your AD.
    • STORE LDAP CONFIGURATION ON PREMISE: Choose this option if you want to keep your configuration on your premises and only allow access to AD from inside the premises. You will have to download and install the SLX Connect gateway on your premises.






  • Now, provide the following values:
    • Directory Type: Active Directory.
    • LDAP Server URL: Select an appropriate prefiller followed by your AD server URL or IP address.
    • Bind Account DN: UserPrincipalName/distinguishedName of the account eligible for the binding operation.
    • Bind Account Password: Password for the account used for binding.
    • Search Bases: Provide the distinguished name of the Search Base object. Eg: cn=User,dc=domain,dc=com
    • Search Filter: Search filters let you define search criteria and make searches more efficient and effective. Eg: "(&(objectClass=*)(cn=?))"
  • Select Active Directory from the Directory drop-down. Based on your selection, all the attributes related to Active Directory are automatically mapped in the configuration.




  • Go to AD FS -> Domain -> respective Users -> Properties -> Attribute Editor. Now copy the value of distinguishedName and paste it against Bind Account DN.




  • Enter the valid password for the user from above step.
  • Search Base is a user search location. It means where to search for a user.






  • If you want to add extra conditions on user search you can add it in Search Filter. Select a suitable Search Filter from the Drop-Down. To use custom Search Filter select "Custom Search Filter" option and provide the search filter in the input field that shows up.




  • Enable the Sync users in SLX Connect option if you want users from the LDAP server to be created on the fly in SLX Connect once they authenticate successfully with their LDAP credentials in the login flow, while you are using SLX Connect as the IdP.




  • Click on Save. After this, it will show you the list of user stores. Click on Test Configuration to check whether you have entered valid details. For that, it will ask for a username and password.




  • On Successful connection with LDAP Server, a success message is shown.


  • Click on Test Attribute Mapping.




  • Enter a valid Username. Then, click on Test. Mapped Attributes corresponding to the user are fetched.
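A pre-flight check for the values entered in the steps above, as an added example that is not SLX Connect's own code. It assumes the `?` in the Search Filter is replaced with the login name; the dictionary keys, host name and function names are hypothetical.

```python
import re
from urllib.parse import urlparse

# RFC 4515: characters that must be written as \XX inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
# Simplified DN shape check (cn/ou/dc components only).
_DN_RE = re.compile(r"(cn|ou|dc)=[^,=]+(,(cn|ou|dc)=[^,=]+)*", re.IGNORECASE)

def escape_filter_value(value):
    """Escape a login name so it is matched literally by the directory."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def build_search_filter(template, username):
    """Fill the single '?' placeholder (assumed semantics) with the escaped name."""
    if template.count("?") != 1:
        raise ValueError("template must contain exactly one '?' placeholder")
    return template.replace("?", escape_filter_value(username))

def lint_user_store(cfg):
    """Return findings for a user-store config (hypothetical dict layout)."""
    findings = []
    if urlparse(cfg["ldap_server_url"]).scheme != "ldaps":
        findings.append("LDAP Server URL is not ldaps://; a simple bind sends "
                        "the bind password unencrypted unless StartTLS is used")
    if not _DN_RE.fullmatch(cfg["search_base"]):
        findings.append("Search Base is not a well-formed distinguished name")
    flt = cfg["search_filter"]
    if flt.count("(") != flt.count(")"):
        findings.append("Search Filter has unbalanced parentheses")
    if "(objectClass=*)" in flt:
        findings.append("Search Filter accepts every object class; "
                        "restrict it to user objects")
    return findings

# Constructed sample values modelled on the examples in the steps above.
SAMPLE = {
    "ldap_server_url": "ldap://ad.example.com:389",
    "search_base": "cn=User,dc=domain,dc=com",
    "search_filter": "(&(objectClass=*)(cn=?))",
}
HARDENED = dict(SAMPLE, ldap_server_url="ldaps://ad.example.com:636",
                search_filter="(&(objectClass=user)(cn=?))")

if __name__ == "__main__":
    for name, cfg in (("sample", SAMPLE), ("hardened", HARDENED)):
        print(name, lint_user_store(cfg))
    # A lone '*' is escaped, so it matches a literal asterisk, not every entry.
    print(build_search_filter(HARDENED["search_filter"], "*"))
```

Run the same check on any custom Search Filter before saving it, and bind with an account that has read-only access to the Search Base.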




2. How to connect SLX Connect to your application using SLX connect broker service.

Step 1: Configure Single Sign On Settings in SLX connect

  • From SLX connect admin dashboard, navigate to Apps >> Manage Apps >> Configure Apps. Search for G-Suite in SAML section. Select G-Suite.




  • Enter the SP Entity ID as google.com, ACS URL as https://www.google.com/a/<your_domain>/acs.
  • Select the E-Mail Address from the Name ID dropdown and you can also add additional attributes using add attribute option.





  • Go to Add Policy section, select DEFAULT from the Group Name dropdown. Enter G-Suite in the Policy Name field.
  • Select PASSWORD from the First Factor Type dropdown and Click on Save to configure G-Suite.





  • Click on Metadata link to download the metadata which will be required later. Click on Link to see the IDP initiated SSO link for G-Suite.





  • Keep SAML Login URL value and click on Download Certificate to download the certificate which you will require in Step 2.





Step 2: Configure G-Suite Settings for SLX connect

  • Login to your G-Suite domain as the Account Administrator.
  • Click the Security Icon.
    Note: If the Security icon is not visible, click More Controls at the bottom of the panel and drag the Security icon into the Admin Console dashboard.





  • On the Security menu, select Set up single sign-on (SSO).





  • Enter the following details as shown:




    Sign-in page URL: Enter the SAML Login URL value that you got from Step 1.
    Sign-out page URL: https://<your-subdomain>.xecurify.com/moas/idp/oidc/logout?post_logout_redirect_uri=https://gmail.com
    Change Password URL: https://<your_domain>.xecurify.com/moas/enduserpasswordchange
    Verification Certificate: Upload the downloaded certificate.
  • Check the Setup SSO with third party identity provider option and click on SAVE.

Step 3: Verify your SSO Settings

  • Go to your G-Suite account and enter your login credentials.
  • You will be redirected to the SLX Connect login page. Here, enter your Active Directory credentials and you will be logged in to your G-Suite account.