Skip to main content

Tutorial: Integrate Access Server with JumpCloud using LDAP

Abstract

How to integrate Access Server with JumpCloud using LDAP.

Overview

You can integrate Access Server with JumpCloud's Directory-as-a-Service using the LDAP protocol.

Prerequisites

  • Installed Access Server

  • JumpCloud Directory-as-a-Service account.

Step 1: Create and configure a bind user

Begin by creating a user in JumpCloud that will make the handshake and has the authority to scan the LDAP tree. This is called the Bind User.

  1. Sign in to the JumpCloud console.

  2. Create a new user through Manual user entry.

  3. Define the following:

    1. Username: Enter a unique name such as "LDAP."

    2. Email: JumpCloud requires each user to have a unique email.

    3. Click on Specify initial password, rather than sending a welcome email , and define the Bind User's password.

    4. Click on Enable as LDAP Bind DN. (If you receive a pop-up that your user must also be enabled in the JumpCloud LDAP directory, click OK.)

    5. Save your user.

  4. Click on the newly created bind user to open the details.

  5. Under LDAP Distinguished Name, copy the information for Access Server steps below.

Step 2: Set up Access Server for LDAP

  1. Sign in to your Admin Web UI.

  2. Click Authentication.

    • The General Settings tab displays.

  3. Click the LDAP tab.

  4. Set Enable LDAP authentication to Enabled.

  5. Fill out the LDAP settings:

    Connect to LDAP servers with SSL

    On

    Primary server

    ldap.jumpcloud.com

    Authenticate with username/password for initial bind

    On

    Bind DN username

    The username for your JumpCloud bind user.

    Password

    Enter the password you defined for your Bind User.

    Base DN for user entries

    Copy and paste the LDAP query from your bind user, starting with "ou=Users". Example: ou=Users,o=[ORGANIZATION_ID],dc=jumpcloud,dc=com

    Username Attribute

    uid

  6. Click Save and Restart.

Step 3: Set LDAP as the Access Server authentication method

You can set LDAP as the default authentication method or as the method by users or groups.

When you set it as the default authentication method, all users authenticate via LDAP unless their group or user authentication method overrides it. When you set it as the group authentication method, all users in the group authenticate via LDAP unless their user authentication method overrides it. When you set it as the user authentication method, the user authenticates via LDAP.

Option 1: Set LDAP as the default authentication method

  1. Sign in to the Admin Web UI.

  2. Click Authentication.

  3. From the General Settings tab, set the Default authentication system to LDAP.

  4. Click Save and Restart.

Option 2: Set LDAP as a group's authentication method

  1. Sign in to the Admin Web UI.

  2. Click Groups.

  3. Click the username or edit button for the group you want to assign to the LDAP authentication method.

  4. Select LDAP for the Auth method.

  5. Click Save and Restart.

Option 3: Set LDAP as a user's authentication method

  1. Sign in to the Admin Web UI.

  2. Click Users.

  3. Click the username or edit button for the user you want to assign to the LDAP authentication method.

  4. Select LDAP for the Auth method.

  5. Click Save and Restart.

Step 4: Assign JumpCloud users to LDAP directory

For Access Server to find your JumpCloud users, they must be enabled in the JumpCloud LDAP directory. If they are not, you can do so by clicking on Directories/LDAP, clicking on JumpCloud LDAP , and selecting them under the Users tab. You can also do this one user at a time from the Users section.

Now that your users are enabled in the LDAP directory and you have set up your Access Server to authenticate over LDAP, they can sign in to your VPN using their JumpCloud credentials.

In this section: