Federated Authentication
Written by VPT
Updated over a week ago

VPT can connect to your organization’s directory service to allow you to use existing user accounts to control access to the application. Currently, most standard LDAP services such as Microsoft Active Directory are supported.

Connect to directory service

You must first configure a connection to your directory service so that VPT can communicate with and query the directory to find users in your organization.

  1. From VPT, click on the three-dot menu on the top navigation bar and then click on Manage Account to navigate to Account Management.

  2. Click on Settings on the left navigation bar.

  3. You will see the status of the directory service connection.

  4. Click Connect Now to bring up the connection modal.

  5. The form should be completed as follows:

    Host: The hostname of the server running the LDAP service. This host must be reachable from the internet for VPT to communicate with the service.

    Port: The port that the LDAP service is listening on. This is typically 389 for LDAP and 636 for LDAPS, but this can be customized based on your internal configuration.

    I have an account: This checkbox should be checked if you need to authenticate to the directory service to query. If your directory service is configured to allow anonymous binds, then you may not need to check this box.

    Domain Username: The username of the account used to authenticate to the directory service, if required.

    Password: The password of the account used to authenticate to the directory service, if required.

    Base DN: This is the starting point for all searches against the directory service. It is where queries to find user accounts will start. A typical Base DN will be in the format “DC=example,DC=com” where “example” can be replaced by your specific domain name.

    Filter: The filter allows you to add specific filters to the LDAP search query used by VPT. You can use this to further restrict the groups and users that can be used to create accounts in VPT.

    Attribute Mappings: These are the fields in VPT that will be populated from the directory service when you create a new user. You must specify the directory object attribute that will be used for each field in the VPT user account.

    Username: The attribute in the directory service that will be used for the Username field in VPT for new users.

    Email: The attribute in the directory service that will be used for the Email field in VPT for new users.

    Phone: The attribute in the directory service that will be used for the Phone field in VPT for new users.

    First Name: The attribute in the directory service that will be used for the First Name field in VPT for new users.

    Last Name: The attribute in the directory service that will be used for the Last Name field in VPT for new users.

    Middle Name: The attribute in the directory service that will be used for the Middle Name field in VPT for new users.

  6. Click Save to save the configuration and test the connection.

If there is a connection issue, you will see an error which will help explain the cause.
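
One way to check the Filter, Base DN and Attribute Mappings values before saving them, shown as an added example that is not VPT's own code. It assumes a standard Active Directory schema and the OpenLDAP `ldapsearch` client; the function names, group, host and account names are constructed for illustration.

```python
# Added example: pre-flight check for the values entered in the connection form.
# All names and sample values are constructed; nothing here is taken from VPT itself.

# Typical Active Directory attributes for the Attribute Mappings
# (assumption: a standard AD schema; adjust to your directory).
AD_MAPPINGS = {
    "Username": "sAMAccountName",
    "Email": "mail",
    "Phone": "telephoneNumber",
    "First Name": "givenName",
    "Last Name": "sn",
    "Middle Name": "middleName",
}

# Characters that must be escaped inside an LDAP filter value (RFC 4515).
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a value so it cannot change the structure of the filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def restriction_filter(group_dn: str) -> str:
    """Filter for enabled user objects that are direct members of group_dn."""
    return (
        "(&(objectCategory=person)(objectClass=user)"
        f"(memberOf={escape_filter_value(group_dn)})"
        # Bitwise-AND matching rule: drop accounts with ACCOUNTDISABLE (2) set.
        "(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"
    )


def ldapsearch_argv(host, port, bind_user, base_dn, filt, username):
    """argv for ldapsearch that looks up one user under the restriction filter."""
    scheme = "ldaps" if port == 636 else "ldap"  # 389 is cleartext unless StartTLS is used
    lookup = f"(&{filt}(sAMAccountName={escape_filter_value(username)}))"
    return ["ldapsearch", "-x", "-LLL", "-H", f"{scheme}://{host}:{port}",
            "-D", bind_user, "-W",  # -W prompts for the password, keeping it out of argv
            "-b", base_dn, "-s", "sub", lookup, *AD_MAPPINGS.values()]
```

If the resulting command returns no entry for a user who should be able to sign in, the Filter or Base DN is too narrow; if it returns an entry with a mapped attribute missing, that field will have nothing to populate from.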

Adding users from a directory service

Once you have successfully connected to a directory service, you can add users to VPT from the directory using the steps below.

  1. From VPT, click on the three-dot menu on the top navigation bar and then click on Manage Account to navigate to the Account Management Portal.

  2. Click Users on the left navigation bar.

  3. Click + Add User to bring up the Create User modal.

  4. Click Sync from Active Directory at the top of the modal.

  5. In the AD Username field, enter the directory service username for the user you wish to add, then click Fetch to query the service for the user and their information.

  6. Select the Role(s) and Team(s) for the user and click Save.

    The user account is created, and the user can use their directory service username and password to log in to VPT.
