
Tutorial: Integrate Access Server with JumpCloud using LDAP

Abstract

How to integrate Access Server with JumpCloud using LDAP.

Overview

You can integrate Access Server with JumpCloud's Directory-as-a-Service using the LDAP protocol.

Prerequisites

  • An installed Access Server.

  • A JumpCloud Directory-as-a-Service account.

Create the Bind User in JumpCloud

Begin by creating a user in JumpCloud that Access Server will use to bind to the LDAP directory and that has permission to search the LDAP tree. This is called the Bind User.

  1. Sign in to the JumpCloud console.

  2. Create a new user through Manual user entry.

  3. Define the following:

    1. Username: Enter a unique name such as "LDAP."

    2. Email: JumpCloud requires each user to have a unique email.

    3. Click on Specify initial password, rather than sending a welcome email, and define the Bind User's password.

    4. Click on Enable as LDAP Bind DN. (If you receive a pop-up that your user must also be enabled in the JumpCloud LDAP directory, click OK.)

    5. Save your user.

  4. Click on the newly created bind user to open the details.

  5. Under LDAP Distinguished Name, copy the DN; you will need it in the Access Server steps below.

Configure LDAP settings in Access Server

  1. Sign in to your Admin Web UI.

  2. Click Authentication > LDAP.

  3. Fill out the LDAP settings:

    Primary server: ldap.jumpcloud.com

    Use SSL to connect to LDAP servers: Yes

    Credential for Initial Bind: Yes, for Use these credentials

    Bind DN: Paste the LDAP Distinguished Name you copied from your JumpCloud Bind User. Example: uid=LDAP,ou=Users,o=[ORGANIZATION_ID],dc=jumpcloud,dc=com

    Password: Enter the password you defined for your Bind User.

    Base DN for User Entries: Paste the part of your Bind User's Distinguished Name that starts with "ou=Users". Example: ou=Users,o=[ORGANIZATION_ID],dc=jumpcloud,dc=com

    Username Attribute: uid

  4. Click Yes for Enable LDAP authentication.
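The Base DN in the steps above is simply the Bind User's DN with its leading uid= component removed, and it is worth confirming that the Bind User can actually search the directory over LDAPS before LDAP authentication is switched on. The following Python script is an added example, not part of this tutorial or of Access Server: it parses the DN copied from JumpCloud, derives the Base DN for User Entries, assembles the values for the Authentication > LDAP page, and builds an ldapsearch command (from the OpenLDAP client tools, assumed to be installed) that reproduces the lookup Access Server will perform. The Bind DN and username used are constructed sample values.

```python
"""Derive the Access Server LDAP settings from a JumpCloud Bind DN.

Added example (not from the tutorial): split the Bind User's DN into RDNs
(honouring RFC 4514 backslash-escaped commas), check it has the shape the
tutorial expects, derive the Base DN starting at ou=Users, and produce an
ldapsearch command to verify the bind and user lookup over LDAPS.
"""
import re
import shlex

# Constructed sample DN; replace with the DN copied from the JumpCloud console.
SAMPLE_BIND_DN = "uid=LDAP,ou=Users,o=ORGANIZATION_ID,dc=jumpcloud,dc=com"

JUMPCLOUD_LDAP_HOST = "ldap.jumpcloud.com"  # primary server from the tutorial
LDAPS_PORT = 636                            # standard LDAP-over-TLS port


def split_rdns(dn):
    """Split a DN into (attribute, value) pairs without breaking on escaped commas."""
    parts = [p.strip() for p in re.split(r"(?<!\\),", dn)]
    rdns = []
    for part in parts:
        if "=" not in part:
            raise ValueError(f"malformed RDN: {part!r}")
        attr, value = part.split("=", 1)
        rdns.append((attr.strip().lower(), value))
    return rdns


def derive_base_dn(bind_dn):
    """Return the suffix of the Bind DN that starts at ou=Users (the Base DN for User Entries)."""
    rdns = split_rdns(bind_dn)
    if rdns[0][0] != "uid":
        raise ValueError("Bind DN must start with a uid= component")
    for i, (attr, value) in enumerate(rdns):
        if attr == "ou" and value == "Users":
            return ",".join(f"{a}={v}" for a, v in rdns[i:])
    raise ValueError("Bind DN has no ou=Users component")


def access_server_settings(bind_dn, bind_password):
    """Assemble the values entered on the Authentication > LDAP page."""
    base_dn = derive_base_dn(bind_dn)
    if not base_dn.lower().endswith("dc=jumpcloud,dc=com"):
        raise ValueError("DN does not belong to the jumpcloud.com directory")
    return {
        "Primary server": JUMPCLOUD_LDAP_HOST,
        "Use SSL to connect to LDAP servers": "Yes",
        "Credential for Initial Bind": "Use these credentials",
        "Bind DN": bind_dn,
        "Password": bind_password,
        "Base DN for User Entries": base_dn,
        "Username Attribute": "uid",
    }


def ldapsearch_check(bind_dn, base_dn, username):
    """Build an ldapsearch command that mirrors Access Server's user lookup over LDAPS.

    -W prompts for the bind password interactively so it is kept out of
    shell history; the search returns the uid attribute of the matching entry.
    """
    cmd = [
        "ldapsearch", "-x",
        "-H", f"ldaps://{JUMPCLOUD_LDAP_HOST}:{LDAPS_PORT}",
        "-D", bind_dn, "-W",
        "-b", base_dn,
        f"(uid={username})", "uid",
    ]
    return " ".join(shlex.quote(c) for c in cmd)


if __name__ == "__main__":
    settings = access_server_settings(SAMPLE_BIND_DN, "<bind-user-password>")
    for key, value in settings.items():
        print(f"{key}: {value}")
    print("\nVerify from the Access Server host before enabling LDAP authentication:")
    print(ldapsearch_check(SAMPLE_BIND_DN, settings["Base DN for User Entries"], "alice"))
```

If the printed ldapsearch command binds successfully but returns no entry for the test user, the Bind DN and Base DN are correct and the user most likely has not been enabled in the JumpCloud LDAP directory yet; a bind failure points at the Bind DN or password instead.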

Set LDAP as the authentication method

You can set LDAP as the default authentication method, or as the authentication method for specific groups or users.

When you set it as the default authentication method, all users authenticate via LDAP unless their group or user authentication method overrides it. When you set it as the group authentication method, all users in the group authenticate via LDAP unless their user authentication method overrides it. When you set it as the user authentication method, the user authenticates via LDAP.

Set LDAP as the default authentication method

  1. Sign in to the Admin Web UI.

  2. Click Authentication > Settings.

  3. Select LDAP for Default Authentication System.

Set LDAP as the authentication method for a group

  1. Sign in to the Admin Web UI.

  2. Click User Management > Group Permissions.

  3. Click More Settings for the appropriate group.

  4. Select LDAP for the Auth method.

Set LDAP as the authentication method for a user

  1. Sign in to the Admin Web UI.

  2. Click User Management > User Permissions.

  3. Click More Settings for the appropriate user.

  4. Select LDAP for the Auth method.

Enable users in the JumpCloud LDAP directory

For Access Server to find your JumpCloud users, they must be enabled in the JumpCloud LDAP directory. If they are not, you can enable them by clicking on Directories/LDAP, clicking on JumpCloud LDAP, and selecting them under the Users tab. You can also do this one user at a time from the Users section.

Now that your users are enabled in the LDAP directory and you have set up your Access Server to authenticate over LDAP, they can sign in to your VPN using their JumpCloud credentials.