Google LDAP (or any Cloud Directory) for Identity source

I am trying to set a Google LDAP for Identity source in our SPP.

Can SPP use cloud directories for this? I already checked the documentation and the guide there seems to be for on-prem in particular.

Are there any guides available specifically for Google LDAP?

  • Hi, 

    What I found is that SPP supports OpenLDAP 2.4 only when using the LDAP option, correct.

    I am not sure how Google LDAP is implemented, but if it does not support OpenLDAP 2.4 then it will likely not work.

    SPP also supports External Federation, which is how we currently integrate with, for example, Azure AD.

    Safeguard for Privileged Passwords supports the SAML 2.0 Web Browser SSO Profile, allowing you to configure federated authentication with many different STS servers and services, such as Microsoft's AD FS. Through the exchange of the federation metadata, you can create a trust relationship between the two systems. Then, you will create a Safeguard for Privileged Passwords user account to be associated with the federated account. When an end user logs in, they will be redirected to the external STS to enter their credentials and perform any two-factor authentication that may be required by that STS. After successful authentication, they will be redirected back to Safeguard for Privileged Passwords and logged in.

    So this could be another way to configure authentication via external federation rather than LDAP.

    https://support.oneidentity.com/technical-documents/one-identity-safeguard-for-privileged-passwords/7.1/administration-guide/137#TOPIC-1918525

    Thanks!

  • Hi,

    Yup, I already configured the external federation. But I was thinking of setting up LDAP so that it can be an IdP for SPP, and we can pick up the users from Google LDAP.

  • Ah ok, that makes sense. The way this use case currently works for Azure AD is via our Starling Cloud service, where you can integrate Azure AD in Starling and then use Starling as the Identity provider, which can pull the users from Azure AD that way. But that is also limited to Azure AD at the moment.

  • So I am testing this out currently. Google LDAP requires that the Base DN is sent to it. The Base DN field is not showing in the LDAP configuration page. Is there a way to send the Base DN in the configuration page? The LDAP Config page only has Network address, Service Account DN, and Service Account password.

  • There is no option to specify the Base DN when adding the LDAP provider.

    You can raise a support request for an enhancement to add support for Google LDAP as an Identity provider for consideration in a future release of SPP.

    Thanks!