Using LDAP Authentication
Scott Wojtowicz, Last modified by Scott Wojtowicz November 11 2016 11:52 AM
Our Streaming Video Platform now offers LDAP Authentication for our customers. If you are interested in setting up LDAP Authentication for your institution, please fill out the attached form and submit it to firstname.lastname@example.org.
What is LDAP?
The Lightweight Directory Access Protocol (LDAP) is an open, vendor-neutral, industry-standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network. A common use of LDAP is to provide a central place to store usernames and passwords. This allows many different applications and services to connect to the LDAP server to validate users. A major benefit is that user passwords can be updated and changed in one central place.
What will be supported?
Infobase will support LDAP and LDAP over SSL (LDAPS, aka secure LDAP) for its video platform, which includes Learn360, Films On Demand, Access Video On Demand, and Classroom Video On Demand.
How will it work?
A one-time setup process will be required to enable a connection between an account's LDAP server and the Infobase video platform. Once the LDAP server is enabled, the client will be required to use their unique authenticated URL directly or our SSO Query String Parameters to take advantage of LDAP. The information contained in this access URL will allow Infobase to connect their account correctly based on the Account ID present in the URL.
To sign in as a user, simply use the login box or add a username and password to the string:
When any user within an account with an established LDAP connection logs in with their pre-defined username and password, Infobase will send a request to the client's LDAP server to verify they are a valid user. As part of this "handshake" process, an LDAP session will be initiated by connecting to the LDAP server, called a Directory System Agent (DSA), by default on TCP and UDP port 389, or on port 636 for LDAPS. The login page will then send an operation request to the server, and the server will send a response back to our system. From there, the process differs depending on whether or not a user match was found in both the LDAP server and our video platform.
If a User Match is Found:
If the username and password entered already exist in the platform database and match a valid account on the LDAP server, it will be assumed that it is the same user account, and the user will automatically be logged into the video platform.
If No User Match is Found:
If the system determines that the user is valid based on their LDAP information but there is no corresponding user found in the Infobase universe, an account will be created in our database and all user profile attributes will be updated.
In this scenario, all new accounts will be redirected to a page that asks them if they already have a different video platform account before using their LDAP credentials to create a new user. If they have one and enter the information, the two accounts will be linked. This is a one-time event for every new user.
If they choose to create a new account, their LDAP credentials will be used for creation. If the client did not set up role mapping, all new accounts will be created as students by default.
If the account chooses to use LDAP, all new user accounts will be created as part of this simple authentication process. Account Admins will not have to set up user accounts within the Infobase video platform ahead of time.
User Prefix & Automatic New User Creation
To ensure your requested usernames are not already in use, we recommend you provide our Support Team with a unique User Prefix that we can add to every username being created for your Account. If you utilize the Prefix feature, we can also enable your account to bypass the New User Creation Screen entirely. The system will instead create a new user account with the prefix and log them in directly.
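The sign-in and new-user flow described above, sketched as an added example (not Infobase's code). Account, ldap_bind_ok and login are hypothetical names, and the directory is a constructed in-memory dict standing in for the client's LDAP server. The empty-password guard goes beyond the page: under RFC 4513 a simple bind with a name but no password is an unauthenticated bind that some servers accept.

```python
import hmac
from dataclasses import dataclass, field

@dataclass
class Account:
    """Hypothetical per-institution settings plus its platform users."""
    prefix: str = ""            # optional unique User Prefix
    auto_create: bool = False   # bypass the New User Creation Screen
    role_map: dict = field(default_factory=dict)  # LDAP group -> platform role
    users: dict = field(default_factory=dict)     # platform username -> role

def ldap_bind_ok(directory, username, password):
    """Stand-in for the bind on port 389/636; `directory` is constructed data."""
    # Refuse empty credentials before contacting the server, so an
    # unauthenticated bind can never be mistaken for a valid user.
    if not username or not password:
        return False
    stored = directory.get(username, {}).get("password", "")
    return hmac.compare_digest(stored.encode(), password.encode())

def login(account, directory, username, password):
    """Return (outcome, platform_username) for one sign-in attempt."""
    if not ldap_bind_ok(directory, username, password):
        return ("denied", None)            # never provision on a failed bind
    name = account.prefix + username       # prefix keeps usernames unique
    if name in account.users:
        return ("logged_in", name)         # user match found
    if not (account.prefix and account.auto_create):
        return ("ask_link_or_create", None)  # one-time link/create page
    group = directory[username].get("group")
    # Without role mapping (or for an unmapped group) default to student.
    account.users[name] = account.role_map.get(group, "student")
    return ("created", name)

if __name__ == "__main__":
    directory = {"jdoe": {"password": "s3cret", "group": "faculty"}}  # constructed
    acct = Account(prefix="uni_", auto_create=True,
                   role_map={"faculty": "instructor"})
    for pw in ("", "wrong", "s3cret", "s3cret"):
        print(repr(pw), login(acct, directory, "jdoe", pw))
```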