LDAP Authentication

Simplify Your Identity Management and Access Control

Integrate OpenVPN Access Server with Directory-as-a-Service

As your company grows, you’ll need to make adjustments to your business processes and systems in order to keep up with your growth. An important area that should change with growth is access control and identity management..

What works for a small group of five employees, all working under the same roof, won’t work when that group expands to 500 employees all scattered around the world.

When you experience growth, you need to address identity management and access control. For strong security, it’s important to differentiate between roles. The resources needed by one employee are not the same as those by another, or by freelancers, contractors, and part-timers. You need a way to control who gets access to what and enforce those controls — especially when they are working remotely.

When you start adopting new tools and applications for your business, the authentication process can become a hassle. Both for you and for your employees. It’s essential to find different ways to streamline the login process. And when you have dozens of employees, it’s also important to find new ways to make sure everyone is practicing good password habits — you no longer have the option of just reminding them at lunch.

There is no one solution that can streamline all of this for you while still offering you the powerful security your business needs — but taking a layered approach by combining OpenVPN Access Server with a directory-as-a-service such as JumpCloud can provide you with streamlined scalability and seamless access, whether your team is at office or telecommuting.

Identity Management and Access Control

How it Works

Combining OpenVPN Access Server with JumpCloud helps you to implement identity management and access control for your workforce. JumpCloud offers DaaS (Directory-as-a-Service) which simplifies your entire identity management process.

Integrating these two solutions provides seamless connectivity between the JumpCloud cloud-based identity and access management services and OpenVPN’s Access Server, providing businesses with control over user access to VPN-protected resources.

When you link JumpCloud, its service gives you the ability to manage the following:

  1. Enforce secure passwords
  2. Set up password rotations
  3. Set rules on password length, originality and complexity
  4. Add Multi-Factor Authentication (MFA)
  5. Support multiple authentication protocols for all users within the directory (SaaS applications can authenticate via SAML; OpenVPN Access Server can authenticate via LDAP, etc)

If you need the latest version of Access Server to set up LDAP authentication, click on Get OpenVPN in the upper right corner of your screen.

OpenVPN Access Server + JumpCloud in Action

Take for instance a rapidly growing web content publishing company that provides custom content and general articles for high-traffic websites and portals. A majority of their employees are part-time or freelance contractors that work remotely from their homes. The company uses OpenVPN Access Server to provide VPN access, so remote workers can securely access the HQ corporate network systems that run publishing workflow, timekeeping, and payroll services.

The company has plans to expand worldwide and adopt SaaS tools (like Adobe Creative Cloud and other programs like it) to replace some of their legacy tools. But as the number of their employees grows, it is becoming much more complicated to maintain user accounts in local OpenVPN Access Servers — and the complexity will only increase when they add more Access Servers at new locations.

They needed to be able to:

  • Store employee and contractor information in a central place instead of configuring it locally in each Access Server
  • Differentiate between contractors and employees, and restrict contractors to only use specific services and SaaS applications provided by HQ network
  • Allow their employees and contractors to use the same credentials for VPN access as well as SaaS access.
    Ensure that their employees and contractors take adequate precautions while setting passwords and take other measures to strengthen identity protection.

The Solution:

The company centralized their identity management by using JumpCloud’s Directory-as-a-Service Solution. They created a ‘Contractor’ Group in their JumpCloud directory and assigned the contractors’ users account to it. This group could access a specific set of SaaS and corporate applications. They didn’t need as much access as full-time employees.
Then they set up OpenVPN Access Server to use secure LDAP authentication. With the use of a JumpCloud Bind User, they could manage the group permissions for their ‘Contractor’ group by mapping them from Access Server to JumpCloud.

Because JumpCloud’s service is a managed solution, the customer’s IT department does not have to install, maintain, or grow the LDAP servers or the rest of the directory infrastructure.

They also strengthened Identity security with password rules. Centralized identity management helped them to reduce operational complexity. Employees and contractors appreciate that they can use the same credentials (username/password) to access VPN-protected resources in the corporate network, and log into authorized SaaS applications. Based on the Group that the employee/contractor is a member of, appropriate access to both SaaS and network services are provided.

How to Integrate

OpenVPN Access Server (version 2.6.1 and higher) and JumpCloud Directory-as-a-Service integration is now live, making it possible to give users a single identity for all of their access needs, while still providing streamlined remote access and unmatched network security. JumpCloud’s platform-independent cloud directory approach supports Mac, Windows, and Linux systems along with other platforms, such as G Suite™ and Office 365™.

Ready to connect your JumpCloud Directory with OpenVPN Access Server? You can watch the webinar above or read the detailed steps to set it up here:
Steps to integrate OpenVPN Access server with JumpCloud using LDAP-as-a-Service.

Additional documentation: OpenVPN documentation for configuring VPN for LDAP authentication.

TL;DR: By integrating OpenVPN Access Server with JumpCloud, you can combine powerful security with simple scalability:

LDAP + VPN combines the best of both worlds

Employees can use the same login info across the board — and security is stronger than ever.

LDAP-As-A-Service maximizes VPN security & simplicity

These two powerful tools combined can simplify – and secure – your network resources.

Do more for your team with LDAP + VPN authentication

Ease of use for your team and a powerful resources for IT.

OpenVPN Access Server can provide ultimate security with JumpCloud's ease and efficiency.

Share this story: