Sync With LDAP

This document provides a step-by-step guide on how to synchronize an LDAP directory with Foxpass. The synchronization process ensures seamless user provisioning, de-provisioning, and group membership management within Foxpass, reflecting the changes made in the LDAP directory.

Prerequisites

  • LDAP server details: Address, bind DN, bind password.
  • Base DN for searching users and groups in LDAP.

Steps

  • Go to the Sync page of Foxpass.

  • Click on the 'LDAP' tab.

    Click 'LDAP' tab

  • To sync users, click 'Yes' under 'User Sync: Automatically synchronize users with LDAP?'.

    Select 'Yes' to sync users

  • Enter your LDAP URI, Base DN, bind user, and bind password. Other entries are optional and you can fill them as per your use case. Choose 'OpenLDAP' or 'Active Directory' for 'LDAP Protocol' according to your need.

  • Click 'Save'.

    Enter LDAP details

LDAP sync

  • Click the 'Sync Now' button. You will see a confirmation dialog.

    Sync initiated successfully

  • Click 'Ok'.

  • Check sync status under 'LDAP sync info'.

Optional: Enable Group Sync Allowed list

If you have group sync enabled, you can restrict which groups get imported during sync. This is useful for organizations that only want to import the subset of their groups that is used in Foxpass. Once group sync is enabled, you'll see a field to add any group prefixes allowed to be synced. During the group sync process, any groups that do not begin with one of those prefixes are not synced with Foxpass.

Optional: Enable Allowed Users list via Group Membership

If you have group sync enabled, you can add an allowed users list from specific groups. This is useful for organizations that only want a subset of their directory to have access to Foxpass. Once group sync is enabled, you'll see a field to mark any groups allowed to be synced. During the group sync process, any users that are not a member of one of those groups are automatically marked as "inactive."

Optional: Enable Non-Allowed Users list via Group Membership

If you have group sync enabled, you can mark users that belong to specific groups as non-allowed. This is useful for organizations that have a large number of machine or role accounts that don't need access to Foxpass. Once group sync is enabled, you'll see a field to mark any groups to be ignored during syncing. During the group sync process, any users that are a member of one of those groups are automatically marked as "inactive."
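The three optional settings above (group prefix allowed list, allowed users via group membership, non-allowed users via group membership) interact, and it is worth checking against your own directory which accounts would end up "inactive" before enabling them. The following Python model is an added example, not Foxpass code; it assumes that membership is evaluated against every directory group and that an ignored group overrides an allowed one when a user is in both, neither of which this page states.

```python
from __future__ import annotations
from dataclasses import dataclass, field


@dataclass
class SyncPolicy:
    """The three optional group-sync settings described on this page."""
    group_prefix: str | None = None  # Group Sync Allowed list: only groups with this prefix sync
    allowed_groups: set[str] = field(default_factory=set)  # Allowed Users list: members stay active
    ignored_groups: set[str] = field(default_factory=set)  # Non-Allowed Users list: members go inactive


def filter_groups(groups: dict[str, set[str]], policy: SyncPolicy) -> dict[str, set[str]]:
    """Keep only the groups whose name begins with the configured prefix."""
    if policy.group_prefix is None:
        return dict(groups)
    return {name: members for name, members in groups.items()
            if name.startswith(policy.group_prefix)}


def user_status(users: set[str], groups: dict[str, set[str]], policy: SyncPolicy) -> dict[str, str]:
    """Mark each user 'active' or 'inactive' from group membership.

    Assumptions (not stated on the page): membership is checked against every
    directory group, not only the prefix-filtered ones, and an ignored group
    overrides an allowed group when a user is in both.
    """
    statuses: dict[str, str] = {}
    for user in sorted(users):
        member_of = {name for name, members in groups.items() if user in members}
        active = True
        if policy.allowed_groups and not (member_of & policy.allowed_groups):
            active = False  # allowed list configured and the user is in none of those groups
        if member_of & policy.ignored_groups:
            active = False  # the user is in a group marked to be ignored
        statuses[user] = "active" if active else "inactive"
    return statuses


# Constructed sample directory, not real data: 'sales' fails the 'eng-' prefix,
# 'carol' and 'dave' are in no allowed group, 'deploy-bot' is in an ignored group.
SAMPLE_GROUPS = {
    "eng-backend": {"alice", "bob"},
    "eng-svc-accounts": {"deploy-bot"},
    "sales": {"carol"},
}
SAMPLE_USERS = {"alice", "bob", "carol", "deploy-bot", "dave"}
SAMPLE_POLICY = SyncPolicy(group_prefix="eng-",
                           allowed_groups={"eng-backend", "eng-svc-accounts"},
                           ignored_groups={"eng-svc-accounts"})
```

Run `user_status(SAMPLE_USERS, SAMPLE_GROUPS, SAMPLE_POLICY)` with your own exported group list in place of the sample to see which accounts a given policy would deactivate.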