Leveraging an LDAP Server

This topic provides an overview of the ways Anzo can leverage a central directory server (LDAP).

There are two methods by which Anzo can leverage your LDAP server: Direct Authorization and Single Sign-On (SSO). The diagram below shows the procedures that are followed for both methods. The left side of the diagram (the numbered steps) shows the direct authorization method. The right side of the diagram (the lettered steps) shows the SSO method. The table below the diagram describes the processes for each method.

Direct Authorization
  1. A new (unknown) user navigates to the Anzo application.
  2. Anzo redirects the user to a login form. The user supplies credentials and submits the form.
  3. Anzo queries the LDAP server for the user and group membership.
  4. Anzo redirects the user to the application with the appropriate roles applied.

Single Sign-On
  1. A new (unknown) user navigates to the Anzo application.
  2. Anzo redirects the user to the SSO provider. The SSO provider controls authentication validation.
  3. Depending on the policy, the SSO provider presents a login screen for the user to complete and submit.
  4. As needed, the SSO provider validates the credentials with the LDAP server.
  5. The SSO provider authenticates the Anzo session with a callback.
  6. Anzo fetches group information from the LDAP server.
    Note: For SSO-configured systems, Anzo currently requires direct access to the LDAP directory (and a bind user) to look up groups.
  7. Anzo redirects the user to the application with the appropriate roles applied.

For information about connecting to a central LDAP server, see Connecting to a Directory Server. For information about setting up an SSO provider, see Configuring SSO Access.
