EMS Software, LLC

LDAP Authentication

Overview

Lightweight Directory Access Protocol (LDAP) is an application protocol for querying directory information. The LDAP Authentication method provides single sign-on capability using your organization’s LDAP environment and can be used in both intranet and internet deployments of Virtual EMS.

When a user logs in to Virtual EMS with their User ID and Password, their credentials are authenticated against LDAP and compared against the corresponding user information recorded in the Network ID and/or External Reference fields of your EMS Web User records. If a match exists, the Web User is logged in to Virtual EMS and inherits any Web Process Template rights that their LDAP Group has been assigned to.

Note:  The Virtual EMS LDAP-Web Process Template assignment process requires that your implementation of LDAP stores group information (e.g. staff, student, department, etc.) as a Directory Service object containing a property (i.e. member) that contains the users that belong to your various groups. 

Note:  The Field Used to Authenticate Web User Virtual EMS Parameter (within System Administration > Settings > Parameters (Virtual tab)) is used by Virtual EMS to determine which value should be used for authentication.

Configuration

  1. Log in to Virtual EMS with a Web User that belongs to a Web Security Template containing the Web Administrator role (Configuration > Web > Web Security Templates).
  2. Redirect your browser to:

    http://[ServerName]/VirtualEMS/LDAPConfiguration.aspx
    (replace [ServerName] with the name of your web server)

  3. Go to the Security tab.
  4. Select the Authenticate users via LDAP checkbox to enable LDAP authentication.
  5. Select the Use LDAP to assign Process Templates checkbox if LDAP will be used to assign Web Process Templates to your Web Users.
  6. Use advanced communication options:  Skip this step for Active Directory environments.  Enabling this checkbox requires that you complete the settings on the Communication Options tab.
  7. In the Path for LDAP Query field, specify a valid LDAP path (example – LDAP://YourCompany.com).
  8. List of Domains:  Skip this step if your organization uses a single domain.  Otherwise, provide a comma-separated list of your domains.
  9. In the LDAP Domain\User field, enter a Domain User account that has rights to query LDAP (example – YourDomain\User).
  10. In the Password field, enter a valid Password for the User Account entered in the previous step.
  11. Specify the appropriate LDAP Authentication Type for your environment.

Note:  The other tabs (Communication Options, Core Properties, Non-AD Config and LDAP Queries) should only be edited with assistance from our Support Department when special circumstances arise with unique configurations of LDAP.

  12. Click Save.

Note:  If you want Web Users to inherit Web Process Templates based on the LDAP Group(s) they belong to, proceed to Step #13.  Otherwise, you have completed the configuration process.

  13. Within EMS, go to the Web Process Templates area (Configuration > Web > Web Process Templates).
  14. Within a Web Process Template, locate the LDAP Groups tab and map the appropriate LDAP Group(s) to that Web Process Template.
  15. Click OK.
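
Before relying on the saved settings, the values entered on the Security tab can be checked against the directory itself. The PowerShell below is an added example, not EMS code: it binds with the query account, looks up one user, and lists the groups whose `member` property contains that user, which is the layout the note in the Overview requires. It assumes Active Directory (`sAMAccountName`, `objectClass=group`), the Secure authentication type, and a hypothetical test account `jdoe`; the path and account are the page's own placeholder examples.

```powershell
# Added example. Values are placeholders/assumptions, not EMS defaults.
Add-Type -AssemblyName System.DirectoryServices

$LdapPath = 'LDAP://YourCompany.com'   # "Path for LDAP Query" (page's example)
$BindUser = 'YourDomain\User'          # "LDAP Domain\User" (page's example)
$TestUser = 'jdoe'                     # hypothetical account name to look up
# Assumption: the "LDAP Authentication Type" chosen in the form is Secure.
$AuthType = [System.DirectoryServices.AuthenticationTypes]::Secure

# RFC 4515 escaping, so a DN such as "CN=Doe\, John (IT)" cannot break the filter.
# The backslash must be replaced first.
function ConvertTo-LdapFilterValue([string]$Value) {
    $Value.Replace('\', '\5c').Replace('*', '\2a').Replace('(', '\28').
           Replace(')', '\29').Replace("`0", '\00')
}

# Prompt for the password instead of storing it in the script.
$cred  = Get-Credential -UserName $BindUser -Message 'LDAP query account'
$entry = [System.DirectoryServices.DirectoryEntry]::new(
    $LdapPath, $cred.UserName, $cred.GetNetworkCredential().Password, $AuthType)
$searcher = [System.DirectoryServices.DirectorySearcher]::new($entry)
try {
    # FindOne() performs the bind; a bad path, account or password throws here.
    $searcher.Filter = '(&(objectClass=user)(sAMAccountName={0}))' -f
        (ConvertTo-LdapFilterValue $TestUser)
    [void]$searcher.PropertiesToLoad.Add('distinguishedName')
    $user = $searcher.FindOne()
    if (-not $user) { throw "User '$TestUser' not found under $LdapPath" }
    $userDn = [string]$user.Properties['distinguishedname'][0]

    # Group objects whose 'member' property lists the user's DN.
    $searcher.Filter = '(&(objectClass=group)(member={0}))' -f
        (ConvertTo-LdapFilterValue $userDn)
    $searcher.PropertiesToLoad.Clear()
    [void]$searcher.PropertiesToLoad.Add('cn')
    $groups = $searcher.FindAll()
    $names  = @($groups | ForEach-Object { [string]$_.Properties['cn'][0] })
    $groups.Dispose()
    "Bind OK as $BindUser; $TestUser is a direct member of: $($names -join ', ')"
}
finally {
    $searcher.Dispose()
    $entry.Dispose()
}
```

Run it from the Virtual EMS web server so the check uses the same network path to the directory. The group query returns direct memberships only.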