The LDAP (Lightweight Directory Access Protocol) Login and Single Sign-On (SSO) Sign-In features are secure authentication solutions designed to let users access Mavis. As the administrator, once you have configured them, the personnel in your organization will be able to log in with ease.
Before you start, there are a few things you need to be aware of:
1. Mavis only allows one external login authentication method.
2. Once you activate either one of the login authentication methods, users created by the Mavis administrator will be blocked from logging in to Mavis. (The Mavis administrator can still log in.)
3. For Microsoft, if an existing Mavis account matches the email from the SSO provider, the logged-in user will be linked to that Mavis account; otherwise, a new user will be created with the email from the SSO provider as the account name.
Currently we offer these external authentication methods; click to see how to set them up:
LDAP
Microsoft (Azure AD)
How to set up LDAP integration information in Mavis?
Once the LDAP settings have been configured, users can opt to use LDAP for identity verification during login. (Users can also see the different login buttons on the login page.)
LDAP integration settings
Step 1.
Click the Admin panel - System Management page and click Authentication.
Step 2.
Click the edit button and choose LDAP as the External source.
Please note that it may take 2-3 minutes for the system to integrate with LDAP after the configuration is complete.
Name | Description |
Secure connection (SSL) | The default value is disabled. If the LDAP server's domain is accessed over HTTPS, then the secure connection setting should be enabled. |
LDAP server provider | Currently we provide Windows AD. |
URL | The connection information for the LDAP server. (Can be an IP address or a domain.) |
Port | The default port is 389. |
Bind account or DN | Please provide an LDAP account with administrator permission to search for user identity information. e.g. |
Bind password | The bind account's password. |
Base DN | e.g. |
Auto-synchronization | Once enabled, Mavis will sync system users with your LDAP server every 24 hours at 00:00 system time. |
Search filter for login and syncing users | e.g. |
| e.g. (memberOf=CN=Administrators,CN=Builtin,DC=mavisdemo,DC=com) |
Troubleshooting
Error message | Description |
Incorrect account or password | Invalid account or password while attempting to log in to LDAP. Kindly ensure that the login credentials are accurate. |
Duplicate user account | The LDAP user account already exists in the local system, which violates the unique user account policy of Mavis. As an administrator of Mavis, you have two options: either remove the user account from Mavis or modify the LDAP user account to ensure its uniqueness in Mavis. |
Duplicate user email | The LDAP user email already exists in the local system, which violates the unique user email policy of Mavis. As an administrator of Mavis, you have two options: either remove the user email from Mavis or modify the LDAP user email to ensure its uniqueness in Mavis. |
Missing email | The LDAP user account's email information is not available. To resolve this issue, please contact the LDAP administrator and ensure the user account's email has been set up. |
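The three synchronization errors in the table above can be checked for before LDAP is enabled. The following is an added example, not part of Mavis or its documentation: it parses an LDIF export of the directory and flags entries likely to hit those errors. The local-user list format, the use of the AD attributes sAMAccountName and mail as account and email, and trimmed, case-insensitive matching are assumptions.

```python
# Assumptions: sAMAccountName/mail map to Mavis account/email; matching is trimmed and case-insensitive.
import base64

def parse_ldif(text):
    """Parse LDIF text into one dict per entry (lower-cased attribute -> first value)."""
    entries, current = [], {}
    # Unfold continuation lines (newline + one space); the extra "" flushes the last entry.
    for line in text.replace("\r\n", "\n").replace("\n ", "").split("\n") + [""]:
        if not line.strip():
            if "dn" in current:
                entries.append(current)
            current = {}
        elif not line.startswith("#"):
            attr, _, rest = line.partition(":")
            if rest.startswith(":"):  # "attr:: <base64>" form
                rest = base64.b64decode(rest[1:].strip()).decode("utf-8")
            current.setdefault(attr.lower(), rest.strip())
    return entries

def preflight(ldap_entries, local_users):
    """Map each LDAP account to the Troubleshooting errors it would likely trigger."""
    accounts = {u["account"].lower() for u in local_users}
    emails = {u["email"].lower() for u in local_users if u.get("email")}
    report = {}
    for entry in ldap_entries:
        account, email = entry.get("samaccountname", ""), entry.get("mail", "")
        checks = [("Duplicate user account", account.lower() in accounts),
                  ("Missing email", not email),
                  ("Duplicate user email", email.lower() in emails)]
        errors = [message for message, hit in checks if hit]
        if errors:
            report[account] = errors
    return report

LOCAL_USERS = [{"account": "alice", "email": "alice@mavisdemo.com"}]  # constructed sample
SAMPLE_LDIF = """\
dn: CN=Alice,CN=Users,DC=mavisdemo,DC=com
sAMAccountName: Alice
mail: alice.w@mavisdemo.com

dn: CN=Bob,CN=Users,DC=mavisdemo,DC=com
sAMAccountName: bob
mail:: YWxpY2VAbWF2aXNkZW1vLmNvbSA=

dn: CN=Carol,CN=Users,DC=mavisde
 mo,DC=com
sAMAccountName: carol
"""
print(preflight(parse_ldif(SAMPLE_LDIF), LOCAL_USERS))
```

The constructed sample includes a base64-encoded mail value with a trailing space and a folded dn line, two LDIF forms that a plain line-by-line comparison would miss.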
Microsoft integration settings
1. Log in to Microsoft Azure: https://portal.azure.com/#home
2. Azure Active Directory → App registrations → New registration
3. Register an application.
4. Get the Application (client) ID and Directory (tenant) ID here.
5. Authentication → Add a platform → Web
6. Set the redirect URL.
7. Create a client secret; as a safety precaution, you will also need to set an expiry time.
8. Get the value of the secret. Note that the value will no longer be visible after the page is refreshed.
After you finish the settings in the Microsoft Azure console, you should have the following information:
- Tenant ID
- Client ID
- Secret Value
9. Go to System Management and open the Authentication page, click the edit button, choose Microsoft as the External source, and fill in the form accordingly.
Once the Microsoft (Azure) authentication has been configured, users can opt to use Microsoft for identity verification during login. (Users can also see the different login buttons on the login page.)