
Tutorial: Integrate Access Server with JumpCloud using LDAP

Abstract

How to integrate Access Server with JumpCloud using LDAP.

Overview

You can integrate Access Server with JumpCloud's Directory-as-a-Service using the LDAP protocol.

To follow this tutorial, you need:

  • An installed Access Server.

  • A JumpCloud Directory-as-a-Service account.

Begin by creating a user in JumpCloud that makes the initial handshake (the LDAP bind) and has the authority to scan the LDAP tree. This user is called the Bind User.

  1. Sign in to the JumpCloud console.

  2. Create a new user through Manual user entry.

  3. Define the following:

    1. Username: Enter a unique name such as "LDAP."

    2. Email: JumpCloud requires each user to have a unique email.

    3. Click on Specify initial password, rather than sending a welcome email, and define the Bind User's password.

    4. Click on Enable as LDAP Bind DN. (If you receive a pop-up that your user must also be enabled in the JumpCloud LDAP directory, click OK.)

    5. Save your user.

  4. Click on the newly created bind user to open the details.

  5. Under LDAP Distinguished Name, copy the value. You need it for the Access Server steps below.

Next, configure LDAP authentication in Access Server:

  1. Sign in to your Admin Web UI.

  2. Click Authentication > LDAP.

  3. Fill out the LDAP settings:

    • Primary server: ldap.jumpcloud.com

    • Use SSL to connect to LDAP servers: Yes

    • Credential for Initial Bind: 'Yes' for Use these credentials

    • Bind DN: Copy and paste the LDAP Distinguished Name from your JumpCloud Bind User. Example: uid=LDAP,ou=Users,o=[ORGANIZATION_ID],dc=jumpcloud,dc=com

    • Password: Enter the password you defined for your Bind User.

    • Base DN for User Entries: Copy and paste the LDAP Distinguished Name from your Bind User, starting with "ou=Users". Example: ou=Users,o=[ORGANIZATION_ID],dc=jumpcloud,dc=com

    • Username Attribute: uid

  4. Click Yes for Enable LDAP authentication.

For Access Server to find your JumpCloud users, they must be enabled in the JumpCloud LDAP directory. If they are not, enable them by clicking on Directories/LDAP, clicking on JumpCloud LDAP, and selecting them under the Users tab. You can also do this one user at a time from the Users section.

Now that your users are enabled in the LDAP directory and you have set up your Access Server to authenticate over LDAP, they can sign in to your VPN using their JumpCloud credentials.
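To confirm the Bind DN, password, Base DN and uid attribute before relying on them for VPN sign-in, you can run a lookup over LDAPS from the Access Server host. This is an added example, not part of the original tutorial; it assumes the OpenLDAP ldapsearch client is installed, and the function names, the password file and EXAMPLEORGID are hypothetical.

```shell
#!/bin/sh
# Added example: pre-flight check for the LDAP values entered in Access Server.
# EXAMPLEORGID in the usage line is a constructed placeholder.

LDAP_URI="ldaps://ldap.jumpcloud.com:636"   # LDAPS, matching "Use SSL: Yes"

# Derive the Base DN from the Bind DN by dropping the leading uid=... RDN,
# i.e. the part "starting with ou=Users". Rejects any other DN shape.
# Assumption: the bind username contains no escaped commas.
base_dn_from_bind_dn() {
    case "$1" in
        uid=*,ou=Users,o=*,dc=jumpcloud,dc=com) printf '%s\n' "${1#*,}" ;;
        *) echo "unexpected Bind DN shape: $1" >&2; return 1 ;;
    esac
}

# Bind as the Bind User over LDAPS and look up one user by the uid attribute.
#   $1 = Bind DN   $2 = file holding the bind password (no trailing newline)
#   $3 = username expected to sign in to the VPN
# Prints the user's DN; returns 1 on bad input or failed bind, 2 if not found.
check_ldap_login_lookup() {
    case "$3" in
        ''|*[!A-Za-z0-9._-]*)
            # Refuse characters that could alter the LDAP search filter.
            echo "refusing username: $3" >&2; return 1 ;;
    esac
    cl_base=$(base_dn_from_bind_dn "$1") || return 1
    # -x simple bind, -y read password from file (keeps it out of argv/history)
    cl_out=$(ldapsearch -LLL -x -H "$LDAP_URI" -D "$1" -y "$2" \
        -b "$cl_base" "(uid=$3)" dn) || return 1
    printf '%s\n' "$cl_out" | grep -i '^dn:' || {
        # Bind worked but no entry: the user is probably not enabled
        # in the JumpCloud LDAP directory.
        echo "bind OK, but $3 not found under $cl_base" >&2
        return 2
    }
}

# Usage: sh check.sh 'uid=LDAP,ou=Users,o=EXAMPLEORGID,dc=jumpcloud,dc=com' pwfile alice
if [ "$#" -eq 3 ]; then check_ldap_login_lookup "$1" "$2" "$3"; fi
```

Keep the password file readable only by the account running the check (for example mode 600) and delete it afterwards.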