
Bitium’s Single Sign-On (SSO) service gives companies a unified set of credentials for leading SaaS applications. The product can consume identity from master directories such as LDAP or Microsoft’s Active Directory®. In this brief article, we’ll walk through the step-by-step instructions to integrate Bitium via OpenLDAP with JumpCloud’s Directory-as-a-Service.

Initial set-up: Preparing JumpCloud as the LDAP directory

Before Bitium can be integrated with JumpCloud to access the user identities managed in its cloud-based directory, the following steps need to be completed to ensure Bitium can communicate effectively via ldapsearch.

1) Turn the LDAP Service ‘On’

In JumpCloud’s ‘Settings’ enable the LDAP service…


Once enabled, JumpCloud will display certain customer-specific data, aspects of which will be required in setting up ldapsearch in the steps below…


2) Create an LDAP Service User Account

When utilizing LDAP, JumpCloud recommends the use of a binding user service account. This user will act as a true service account, enabling LDAP to search the user directory as the Bind DN. To create this user:

  1. Go to Users and ‘Add User’
  2. Fill in the properties of this service account in the manner you wish. An example is below.
  3. Most critically, ensure ‘LDAP binding user service account’ is enabled.
  4. Enter a password for the service account to ensure the account is ‘verified’ and active.


With the LDAP service account user created, it’s time to configure Bitium to communicate with JumpCloud’s directory.

3) Configure Bitium to consume identities from JumpCloud’s LDAP service

From the Administrator’s console in Bitium, navigate to the Management selection and choose Security.


Now, select the Directories option…


Assuming there are no Directories associated, you will be prompted to Add a Directory…


Select LDAP as the Directory source and Add the Directory…


You will then need to configure Bitium with the following parameters and hit ‘Save’…

Server: ldap.jumpcloud.com:636

SSL Tunnel: ON

Base DN: dc=jumpcloud,dc=com

Bind DN: uid=<YOUR LDAP SERVICE ACCOUNT USERNAME>,ou=Users,o=<YOUR ORG ID>,dc=jumpcloud,dc=com

Password: Your Bind User Service Account’s Password

User Object Class: inetOrgPerson

User Search Base: ou=Users,o=<YOUR ORG ID>

User Email Attribute: mail

User Username Attribute: uid

User First Name Attribute: givenName

User Last Name Attribute: sn

Group Object Class: groupOfNames

Group Search Base: ou=Users,o=<YOUR ORG ID>,dc=jumpcloud,dc=com

Forgot Password URL: Can be left blank
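
A pre-flight check for the parameters above, as an added example that is not part of the original post or of JumpCloud's or Bitium's own tooling: it binds as the service account over LDAPS with ldapsearch and reports user entries lacking any attribute Bitium is configured to read. The function names, the password-file argument and the restricted character set for the username and org ID are assumptions.

```shell
#!/bin/sh
# Added example: pre-flight check of the LDAP settings listed above.
LDAP_URI="ldaps://ldap.jumpcloud.com:636"   # Server, with SSL Tunnel: ON

# Build the Bind DN. Assumption: username and org ID use only [A-Za-z0-9._-],
# so characters with DN meaning (',', '=', '+') cannot reshape the DN.
bind_dn() {   # args: service_account_username org_id
  for v in "$1" "$2"; do
    case "$v" in
      ""|*[!A-Za-z0-9._-]*) echo "bad username or org ID: $v" >&2; return 1 ;;
    esac
  done
  printf 'uid=%s,ou=Users,o=%s,dc=jumpcloud,dc=com\n' "$1" "$2"
}

# Search as the service account over LDAPS. -y reads the password from a file
# (entire contents, so no trailing newline) instead of the command line.
fetch_users() {   # args: username org_id password_file
  dn=$(bind_dn "$1" "$2") || return 1
  ldapsearch -LLL -x -o ldif-wrap=no -H "$LDAP_URI" -D "$dn" -y "$3" \
    -b "ou=Users,o=$2,dc=jumpcloud,dc=com" \
    '(objectClass=inetOrgPerson)' uid mail givenName sn
}

# Read LDIF on stdin; print each entry lacking an attribute Bitium maps.
missing_attrs() {
  awk '
    function flush(   want, n, i, out) {
      if (dn == "") return
      n = split("uid mail givenName sn", want, " ")
      for (i = 1; i <= n; i++)
        if (!(tolower(want[i]) in seen)) out = out " " want[i]
      if (out != "") print dn " missing:" out
      dn = ""; split("", seen)
    }
    /^$/      { flush(); next }
    /^dn::? / { dn = $0; sub(/^dn::? /, "", dn); next }
    /^[A-Za-z]/ { key = $0; sub(/:.*/, "", key); seen[tolower(key)] = 1 }
    END       { flush() }
  '
}

# Usage: sh check.sh <username> <org_id> <password_file>
if [ "$#" -eq 3 ]; then
  fetch_users "$1" "$2" "$3" | missing_attrs
fi
```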


Once the LDAP connection configurations have been completed successfully, you will be required to log in with your LDAP Bind DN credentials to activate the LDAP connection to JumpCloud.

Finally, once the directory has been set up, proceed to Security>Primary Authentication and ensure you have set JumpCloud’s LDAP as the primary authentication mechanism.

Once this is complete, Bitium will go through its cycle to import users from JumpCloud via LDAP into its own directory, populating the User Directory (seen in ‘Manage Users’).


For more information on JumpCloud’s LDAP Service, please review these Knowledge Base articles or feel free to contact JumpCloud Technical Support for assistance.
