By Greg Keller Posted March 5, 2015
Bitium’s Single Sign-On (SSO) service gives companies a single set of credentials for leading SaaS applications. The product can consume identity from master directories such as LDAP or Microsoft’s Active Directory®. In this brief article, we’ll walk through the step-by-step instructions to integrate Bitium with JumpCloud’s Directory-as-a-Service via its OpenLDAP service.
Initial set-up: Preparing JumpCloud as the LDAP directory
Before Bitium can be integrated with JumpCloud to access the user identities managed in its cloud-based directory, complete the following steps so that Bitium can bind to and search the directory (the same bind and search you can test by hand with ldapsearch).
1) Turn the LDAP Service ‘On’
In JumpCloud’s ‘Settings’ enable the LDAP service…
Once enabled, JumpCloud reveals customer-specific connection details (your Org ID among them); you will need these for the Bitium configuration and for any ldapsearch testing in the steps below…
2) Create an LDAP Service User Account
When using LDAP, JumpCloud recommends a dedicated binding user service account. This user acts purely as a service account: Bitium binds to the directory as this user’s DN (the Bind DN) and searches the user directory with its credentials. Because that password will be stored in Bitium, give the account a strong, unique password and no other role. To create this user:
- Go to Users and ‘Add User’
- Fill in the properties of this service account in the manner you wish. An example is below.
- Most critically, ensure ‘LDAP binding user service account’ is enabled.
- Enter a password for the service account to ensure the account is ‘verified’ and active.
With the LDAP Service Account User Created, it’s time to configure Bitium to communicate with JumpCloud’s directory.
3) Configure Bitium to consume identities from JumpCloud’s LDAP service
From the Administrator’s console in Bitium, navigate to the Management selection and choose Security.
Now, select the Directories option…
Assuming there are no Directories associated yet, you will be prompted to Add a Directory…
Select LDAP as the Directory source and Add the Directory…
You will then need to configure Bitium with the following parameters and hit ‘Save’…
SSL Tunnel: ON
Base DN: dc=jumpcloud,dc=com
Bind DN: uid=<YOUR LDAP SERVICE ACCOUNT USERNAME>,ou=Users,o=<YOUR ORG ID>,dc=jumpcloud,dc=com
Password: Your Bind User Service Account’s Password
User Object Class: inetOrgPerson
User Search Base: ou=Users,o=<YOUR ORG ID>
User Email Attribute: mail
User Username Attribute: uid
User First Name Attribute: givenName
User Last Name Attribute: sn
Group Object Class: groupOfNames
Group Search Base: ou=Users,o=<YOUR ORG ID>,dc=jumpcloud,dc=com
Forgot Password URL: Can be left blank
Once the LDAP connection configurations have been completed successfully, you will be required to log in with your LDAP Bind DN credentials to activate the LDAP connection to JumpCloud.
Finally, once the directory has been set up, proceed to Security>Primary Authentication and ensure you have set JumpCloud’s LDAP as the primary authentication mechanism.
Setup is now complete. Bitium will then run its import cycle, pulling users from JumpCloud via LDAP into its own directory and populating the User Directory (seen in ‘Manage Users’).
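Before (or after) saving the Bitium directory configuration, it is worth running the same bind and search by hand, as the article suggests with ldapsearch. The script below is an added example written for this article; it is not Bitium’s or JumpCloud’s own tooling. It builds the Bind DN and User/Group Search Base in the full form shown above from your Org ID and service-account uid, binds over LDAPS with the password read from a file, and then checks the returned LDIF for user entries missing one of the four attributes Bitium maps (uid, mail, givenName, sn), since a user without a mail value cannot be imported by email. The LDAP host and port, the service-account name bitium-svc, the Org ID abc123 and the sample LDIF are all assumptions constructed for the example; take the real host from the data JumpCloud shows after you enable the LDAP service.

```shell
#!/bin/sh
# Preflight check for the Bitium <-> JumpCloud LDAP setup (added example, not
# JumpCloud's or Bitium's code).
# 1. builds the Bind DN and search base from your Org ID and service-account uid,
# 2. runs the same bind-and-search Bitium will run, over LDAPS only,
# 3. flags user entries that lack an attribute Bitium maps (uid, mail, givenName, sn).
# The LDAP host/port below is an assumption; take the real value from the data
# JumpCloud shows after you enable the LDAP service.

JC_LDAP_URI="${JC_LDAP_URI:-ldaps://ldap.jumpcloud.com:636}"   # assumed; override via env

# DN helpers mirror the Bind DN / search base values entered into Bitium.
jc_bind_dn() {      # usage: jc_bind_dn ORG_ID SERVICE_UID
    printf 'uid=%s,ou=Users,o=%s,dc=jumpcloud,dc=com\n' "$2" "$1"
}
jc_search_base() {  # usage: jc_search_base ORG_ID
    printf 'ou=Users,o=%s,dc=jumpcloud,dc=com\n' "$1"
}

# Live check: bind as the service account and fetch only the attributes Bitium maps.
# The password comes from a file (-y) so it never shows up in ps output or shell
# history. ldaps:// with the default LDAPTLS_REQCERT=demand verifies the server
# certificate; do not work around TLS errors by exporting LDAPTLS_REQCERT=never.
jc_fetch_users() {  # usage: jc_fetch_users ORG_ID SERVICE_UID PASSWORD_FILE
    ldapsearch -LLL -o ldif-wrap=no -x -H "$JC_LDAP_URI" \
        -D "$(jc_bind_dn "$1" "$2")" -y "$3" \
        -b "$(jc_search_base "$1")" \
        '(objectClass=inetOrgPerson)' uid mail givenName sn
}

# Offline check: read LDIF (what ldapsearch -LLL prints) on stdin and print one
# line per entry missing any attribute Bitium maps; prints nothing when all is well.
# Handles LDIF line folding (continuation lines begin with a space).
jc_check_ldif() {
    awk '
    function flush(   i, n, want, missing) {
        if (dn != "") {
            missing = ""
            n = split("uid mail givenName sn", want, " ")
            for (i = 1; i <= n; i++)
                if (!(want[i] in seen)) missing = missing " " want[i]
            if (missing != "") print dn ": missing" missing
        }
        dn = ""; split("", seen)
    }
    /^ /      { if (last == "dn") dn = dn substr($0, 2); next }   # folded line
    /^$/      { flush(); next }                                   # end of entry
    /^dn: /   { dn = substr($0, 5); last = "dn"; next }
    /^[^:]+:/ { name = $0; sub(/:.*/, "", name); seen[name] = 1; last = name; next }
    END       { flush() }
    '
}

# Constructed sample of ldapsearch -LLL output (not real JumpCloud data):
# alice is complete, bob has no mail and no sn.
JC_SAMPLE_LDIF='dn: uid=alice,ou=Users,o=abc123,dc=jumpcloud,dc=com
objectClass: inetOrgPerson
uid: alice
mail: alice@example.com
givenName: Alice
sn: Adams

dn: uid=bob,ou=Users,o=abc123,dc=jumpcloud,dc=com
objectClass: inetOrgPerson
uid: bob
givenName: Bob'

# Run the offline check on the sample. Against the live directory use:
#   jc_fetch_users "$ORG_ID" bitium-svc ./bitium-svc.pw | jc_check_ldif
printf '%s\n' "$JC_SAMPLE_LDIF" | jc_check_ldif
```

On the constructed sample the check reports only bob, as missing mail and sn. Run the live form once with the service account you created in step 2: a bind failure here means the Bind DN or password Bitium will be given is wrong, and any entry listed by the check is a user Bitium’s import will not map cleanly.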
For more information on JumpCloud’s LDAP Service, please review JumpCloud’s Knowledge Base articles or feel free to contact JumpCloud Technical Support for assistance.