Kopano Cloud AD Connect – The universal LDAP connector
By default, Kopano Cloud uses its internal mechanisms to manage its users and their authentication requirements. However, in some cases, one or more directory services already exist in a customer’s environment, which can serve two main purposes:
- As a source of information for users who need to be added to / given access to a Kopano Cloud instance
- As the main identity provider in the customer’s infrastructure, processing authentication requests for these users
The first part in particular has been a feature request for some time, as adding users either manually via the management UI or by script using the Graph-like API has limitations in terms of simplicity and scalability. Now a directory service can be easily utilised for such purposes.
Moreover, the second purpose is often a hard requirement when it comes to user/identity management – be it in a service or on-premises context. For those who need to fulfil such compliance requirements, this is now also possible. And, of course, it is convenient for users to be able to use the same credentials for multiple services.
As Kopano Cloud is primarily a system designed to handle multiple tenants simultaneously, AD Connect can be used not only with a single directory service, but with multiple directory services – all at once. Each connection can be configured individually and its scope restricted accordingly. This means that each organisation can use its own directory service with an independent configuration.
Features in a nutshell
- Import of users from an LDAP-speaking directory service
- Sync / update changes to users, incl. deactivation or deletion of accounts
- Redirect authentication requests to the directory service as the main identity provider
- Existing users that were added manually in the past can be overwritten (useful if a directory service is added later)
- Configurable to work with a single organisation or for the entire Kopano Cloud system
- Generic approach; no LDAP schema extensions required
- Compatible with Microsoft Windows Active Directory, OpenLDAP and probably most other LDAP providers
To learn more, please follow the link below: