Directory Services
Swimlane integrates with two directory service types: Microsoft's Active Directory (AD) and OpenLDAP. Many Swimlane administrators leverage Swimlane's Directory Services to:

- Allow their SOC engineers and analysts to log in to Swimlane with previously established directory credentials.
- Increase the ease of administrative maintenance for groups of users.

Users are synced upon each login. Automatic synchronization occurs every night at midnight, server time.

If you have difficulty configuring Directory Services due to unknown or incorrect fields or attributes, see Directory Services Synchronization Field Attribute Mappings.

Setting Up Open LDAP Services

Before you begin, verify that your server settings are correct!

To set up Open LDAP:

1. From the left navigation menu, select Settings, Advanced.
2. Click > to expand Directory Services and then select Enable Directory Syncing. This expands the selections for the settings that you need to set up.
3. Click > to expand Server Settings.
4. On Server Type, select Open LDAP. From this field you can either select Open LDAP or Active Directory. The available categories and fields for additional setup vary according to this selection.
   Important! Fields marked with an asterisk are required fields.
5. Input your server settings.
6. Click > to expand User Settings and review or update the values there. The default values for Open LDAP are often the most appropriate, but they may need to be altered to conform to your directory server's configuration.
   - Delete the default value for Member Of Field Target. That field should typically be empty.
   - User Location is empty by default. While not required, adding a location is recommended.
   [Screenshot: Open LDAP User Settings with default values]
7. Click > to expand Field Mapping and review or update the values there. These values rarely need to deviate from the defaults provided.
8. Click > to expand Group Settings and review or update the values there.
   - Delete the default value for Member Of Field Target. That field should typically be empty.
   - The Group Location field must contain a distinguished name that provides the complete path to the container in which the targeted groups are defined.
   Note: Use an appropriate directory services client to inspect the targeted group(s) and make note of how belonging users are affiliated to the group(s). Is it done through the groups' property named member, or the users' property named memberOf, or through some other means?
   [Screenshot: Group Settings in Open LDAP]
9. Click > to expand Groups and review or update the values there. This is a list of manually entered groups. To add a group, type the name in the field and then click Add Value. Keep in mind that you have to add each group individually, and that the values are case sensitive.
10. Under Groups to Sync, click Validate Groups. If this fails, troubleshoot by checking spelling and/or confirming that the group name is defined in the container specified in the Group Location value (a distinguished name) in Group Settings.
11. If you'd like, you can save at this point, scroll up to the top of the Directory Services area of the form, and click Test Connection.
12. Click > to expand Membership and review or update the values there. From this field you can select from one of two values: By User Field or By Group Field. If the users are affiliated with their groups via the member property in each group, then choose By Group.
13. Click Save again and then click Sync Now. Ensure that you receive confirmation of a successful sync (a green success message displays).
14. Then, from the left navigation menu, navigate to the Swimlane Users page and verify that all of the members of the targeted groups have been created as users.

If the sync is not successful, review the steps above. If your problem persists, contact your Swimlane support representative.

- Swimlane syncs the users who are members of the groups. Swimlane only syncs the top level users in each group; it does not traverse users in groups within the selected groups. To sync users in these groups, add the groups directly to Groups to Sync.
- A user's display name is only synchronized when the user is initially created. If the user name is updated in Active Directory, it will not be updated in Swimlane. This allows for user name customization in Swimlane so the display name can appear differently in Swimlane than it does in Active Directory.

Note: Users are synced upon each login. Automatic synchronization occurs every night at midnight server time.

Setting Up Active Directory

Enable single sign-on for your Swimlane users by setting up and syncing Active Directory in Swimlane settings. Users created through Active Directory sync count towards the Swimlane user license limit.

Before you begin, verify that your server settings are correct!

To set up Active Directory:

1. From the left navigation menu, select Settings, Advanced.
2. Click > to expand Directory Services and then select Enable Directory Syncing. This expands the selections for the settings that you need to set up.
3. Click > to expand Server Settings.
4. On Server Type, select Active Directory. From this field you can either select Open LDAP or Active Directory. The available categories and fields for additional setup vary according to this selection.
   Important! Fields marked with an asterisk are required fields.
5. Input or verify the server settings.
   Note: If you want to test the connection to the server at this point in the process, enter placeholder text in all required fields, including those in other sections, and then click Save. Once your initial settings are saved, you can click Test Connection. If your test does not succeed, see Testing Connections in Directory Services.
6. Click > to expand User Settings and review or update the values there. The default values for Active Directory are often the most appropriate, but they may need to be altered to conform to your directory server's configuration.
   - Delete the default value for Member Of Field Target. That field should typically be empty.
   [Screenshot: Active Directory User Settings with default values]
7. Click > to expand Field Mapping and review or update the values there. These values rarely need to deviate from the defaults provided.
8. Click > to expand Group Settings and review or update the values there.
   - Delete the default value for Member Of Field Target. That field should typically be empty.
   - The Group Location field must contain a distinguished name that provides the complete path to the container in which the targeted groups are defined.
   Note: Use an appropriate directory services client to inspect the targeted group(s) and make note of how belonging users are affiliated to the group(s). Is it done through the groups' property named member, or the users' property named memberOf, or through some other means?
   [Screenshot: Group Settings in Active Directory]
9. Click > to expand Groups and review or update the values there. This is a list of manually entered groups. To add a group, type the name in the field and then click Add Value. Keep in mind that you have to add each group individually, and that the values are case sensitive.
10. Under Groups to Sync, click Validate Groups. If this fails, troubleshoot by checking spelling and/or confirming that the group name is defined in the container specified in the Group Location value (a distinguished name) in Group Settings.
11. If you'd like, you can save at this point, scroll up to the top of the Directory Services area of the form, and click Test Connection.
12. Click > to expand Membership and review or update the values there. From this field you can select from one of two values: By User Field or By Group Field. If the users are affiliated with their groups via the member property in each group, then choose By Group.
13. Click Save again and then click Sync Now. Ensure that you receive confirmation of a successful sync (a green success message displays).
14. Then, navigate to the Swimlane Users page and verify that all of the members of the targeted groups have been created as users.

If the sync is not successful, review the steps above. If your problem persists, contact your Swimlane support representative.

- Swimlane syncs the users who are members of the groups. Swimlane only syncs the top level users in each group; it does not traverse users in groups within the selected groups. To sync users in these groups, add the groups directly to Groups to Sync.
- A user's display name is only synchronized when the user is initially created. If the user name is updated in Active Directory, it will not be updated in Swimlane. This allows for user name customization in Swimlane so the display name can appear differently in Swimlane than it does in Active Directory.

Note: Users are synced upon each login. Automatic synchronization occurs every night at midnight server time.

Authentication: Basic and LDAP

Swimlane's basic authentication does not rely on host OS support. When you create a normal, non-synced user, their username is stored in plain text. Their password is stored in scrambled form by encryption.

In contrast, when you create a synced user, their password is not stored in Swimlane's MongoDB. They are authenticated to Swimlane by the Swimlane platform code sending a real-time request to the LDAP server to approve the synced user's Swimlane login attempt.
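
As an added example (not Swimlane code and not part of the original page), the Python sketch below supports the Group Settings note and the nested-group limitation in both setup procedures above. It reads an LDIF export of the Group Location container and reports which Membership value fits, which members are nested groups that would not be traversed, and which Groups to Sync names fail a case-sensitive match. The sample LDIF, the function names, and matching group names on cn are assumptions.

```python
# Constructed sample: what an LDIF export of the Group Location container might hold.
SAMPLE_LDIF = """\
dn: cn=soc-analysts,ou=groups,dc=example,dc=com
objectClass: groupOfNames
cn: soc-analysts
member: uid=alice,ou=people,dc=example,dc=com
member: cn=soc-tier2,ou=groups,dc=example,dc=com

dn: cn=soc-tier2,ou=groups,dc=example,dc=com
objectClass: groupOfNames
cn: soc-tier2
member: uid=bob,ou=people,dc=example,dc=com
"""

def parse_ldif(text):
    """Return one {attribute: [values]} dict per entry (attribute names lowercased)."""
    entries = []
    for block in text.replace("\n ", "").strip().split("\n\n"):  # unfold wrapped lines
        entry = {}
        for line in block.splitlines():
            attr, sep, value = line.partition(": ")
            if sep and not attr.startswith("#") and not attr.endswith(":"):  # skip base64
                entry.setdefault(attr.lower(), []).append(value.strip())
        if "dn" in entry:
            entries.append(entry)
    return entries

def is_group(entry):
    # Heuristic: groupOfNames, posixGroup and Active Directory's "group" all match.
    return any("group" in oc.lower() for oc in entry.get("objectclass", []))

def analyze(entries, groups_to_sync):
    """Report membership style, direct users, nested groups and unmatched names."""
    by_dn = {e["dn"][0].lower(): e for e in entries}
    groups = [e for e in entries if is_group(e)]
    style = ("By Group Field" if any("member" in g for g in groups) else
             "By User Field" if any("memberof" in e for e in entries) else None)
    report = {"membership": style, "users": set(), "nested_groups": set(), "not_found": []}
    for name in groups_to_sync:
        group = next((g for g in groups if name in g.get("cn", [])), None)  # case-sensitive
        if group is None:
            report["not_found"].append(name)
            continue
        gdn = group["dn"][0].lower()
        members = {m.lower() for m in group.get("member", [])}
        members |= {d for d, e in by_dn.items() if gdn in map(str.lower, e.get("memberof", []))}
        for dn in members:
            report["nested_groups" if is_group(by_dn.get(dn, {})) else "users"].add(dn)
    return report
```

Any DN listed under nested_groups is a group whose own members will not be created as users unless that group is added to Groups to Sync by its exact name.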