Prerequisite
You have the Technical configuration administrator function privilege.
LDAP accessible via Internet
If your LDAP server is accessible via the Internet, proceed as follows.
Enable LDAP
Start ARIS.
Click Application launcher > Administration. The Administration opens with the Configuration view.
Click User Management.
Click the arrow next to LDAP.
Click General settings.
Click Edit.
Enable Use LDAP.
If you want to use ARIS with multiple LDAP systems, enable Activate multiple LDAP integration and click OK in the Confirmation of property value change dialog.
Click Save.
You have added an LDAP server.
Configure the LDAP connection.
Click Add. The Add LDAP server dialog opens.
Enter the following:
ID of the LDAP server
Display name of the LDAP server
LDAP server URL
LDAP server fallback URL
User name of the user who has access to the LDAP content
Password of this user
Specify whether to use SSL and in which mode.
Specify whether to verify host names and certificates.
Simultaneous connections are a cross-tenant property. You can change them only using ARIS Cloud Controller. For more information, refer to the technical help.
Specify the connection timeout.
Specify the read timeout.
Click Save.
Configure the attribute mapping
Click the arrow next to the relevant LDAP server.
Click Attribute mappings.
Click Edit.
Specify the attribute objectClass.
Specify the attribute DN that contains the fully qualified name (distinguishedName).
Specify the attribute GUID that contains the objectGUID.
Click Save.
Configure the group attribute mapping
Click the arrow next to the relevant LDAP server.
Click Group attribute mappings.
Click Edit.
Specify the attribute that contains the group name.
Specify the attribute that references the members of a group.
Specify a comma-separated list of LDAP attributes that are to be imported as user-defined attributes of a user group.
Click Save.
Configure the user attribute mapping
Click the arrow next to the relevant LDAP server.
Click User attribute mapping.
Click Edit.
Specify the attributes that contain the user attribute, for example, the first name, the last name, and the telephone number.
Click Save.
Configure the behavior
Click the arrow next to the relevant LDAP server.
Click Behavior.
Click Edit.
Specify the options you want to set:
the group and user object classes.
the search paths.
the search filters.
the recursion depth.
the page size.
the referrals.
Click Save.
Test the LDAP connection.
Click the arrow next to the relevant LDAP server.
Click Connection.
Click Test connection.
If the LDAP connection is valid, ARIS with LDAP is set up.
If you want to use single sign-on, you can use SAML 2.0.
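The connection settings entered in the Add LDAP server dialog (URL, fallback URL, SSL mode, host name and certificate verification, timeouts) can be checked for weak combinations before they are saved, which matters most when the LDAP server is reachable from the Internet. The following Python script is an added example, not part of ARIS or its documentation; the field names and the SSL mode values (none, ssl, starttls) are hypothetical stand-ins for the dialog fields, and the example.com hosts are placeholders.

```python
import socket
import ssl
from urllib.parse import urlsplit

# Field names and mode values are hypothetical stand-ins for the dialog
# fields; they are not ARIS property names.
def lint_ldap_settings(cfg):
    """Return findings for a planned LDAP connection (empty list = no findings)."""
    findings = []
    mode = cfg.get("ssl_mode", "none")           # assumed values: none | ssl | starttls
    expected_scheme = "ldaps" if mode == "ssl" else "ldap"
    # The fallback URL is optional; the primary URL is always checked.
    for field in [f for f in ("url", "fallback_url") if f == "url" or cfg.get(f)]:
        parts = urlsplit(cfg.get(field) or "")
        if parts.scheme not in ("ldap", "ldaps") or not parts.hostname:
            findings.append(f"{field}: not an ldap:// or ldaps:// URL")
        elif parts.scheme != expected_scheme:
            findings.append(f"{field}: scheme {parts.scheme}:// does not match SSL mode '{mode}'")
    if mode == "none":
        findings.append("ssl_mode: bind user name and password cross the network unencrypted")
    else:
        for field in ("verify_hostname", "verify_certificate"):
            if not cfg.get(field, False):
                findings.append(f"{field}: disabled, so the server's identity is not checked")
    for field in ("connect_timeout", "read_timeout"):
        if cfg.get(field, 0) <= 0:
            findings.append(f"{field}: must be a positive value")
    return findings

def probe_ldaps(url, timeout=5.0):
    """Verified TLS handshake against an ldaps:// URL; returns the TLS version."""
    parts = urlsplit(url)
    ctx = ssl.create_default_context()           # verifies chain and host name
    with socket.create_connection((parts.hostname, parts.port or 636), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=parts.hostname) as tls:
            return tls.version()

# Constructed sample settings; hosts are placeholders.
WEAK = {"url": "ldap://ldap.example.com:389", "fallback_url": "ldaps://ldap2.example.com:636",
        "ssl_mode": "none", "verify_hostname": False, "verify_certificate": False,
        "connect_timeout": 0, "read_timeout": 10}
HARDENED = {"url": "ldaps://ldap.example.com:636", "fallback_url": "ldaps://ldap2.example.com:636",
            "ssl_mode": "ssl", "verify_hostname": True, "verify_certificate": True,
            "connect_timeout": 5, "read_timeout": 10}

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, lint_ldap_settings(cfg))
```

probe_ldaps needs network access to the real server and raises ssl.SSLCertVerificationError when the certificate chain or host name does not validate, which is the same condition the verification options in the dialog are meant to catch.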
LDAP accessible via Intranet
If you are using LDAP within the Intranet, you must establish a VPN connection.
VPN stands for virtual private network. VPN extends a private network across a public network and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network.
VPN is required
Contact Cloud Operations (CloudOps) for the required details to establish a VPN connection.
Establish a VPN connection.
Enable LDAP
Start ARIS.
Click Application launcher > Administration. The Administration opens with the Configuration view.
Click User Management.
Click the arrow next to LDAP.
Click General settings.
Click Edit.
Enable Use LDAP.
If you want to use ARIS with multiple LDAP systems, enable Activate multiple LDAP integration and click OK in the Confirmation of property value change dialog.
Click Save.
You have added an LDAP server.
Configure the LDAP connection.
Click Add. The Add LDAP server dialog opens.
Enter the following:
ID of the LDAP server
Display name of the LDAP server
LDAP server URL
LDAP server fallback URL
User name of the user who has access to the LDAP content
Password of this user
Specify whether to use SSL and in which mode.
Specify whether to verify host names and certificates.
Simultaneous connections are a cross-tenant property. You can change them only using ARIS Cloud Controller. For more information, refer to the technical help.
Specify the connection timeout.
Specify the read timeout.
Click Save.
Configure the attribute mapping
Click the arrow next to the relevant LDAP server.
Click Attribute mappings.
Click Edit.
Specify the attribute objectClass.
Specify the attribute DN that contains the fully qualified name (distinguishedName).
Specify the attribute GUID that contains the objectGUID.
Click Save.
Configure the group attribute mapping
Click the arrow next to the relevant LDAP server.
Click Group attribute mappings.
Click Edit.
Specify the attribute that contains the group name.
Specify the attribute that references the members of a group.
Specify a comma-separated list of LDAP attributes that are to be imported as user-defined attributes of a user group.
Click Save.
Configure the user attribute mapping
Click the arrow next to the relevant LDAP server.
Click User attribute mapping.
Click Edit.
Specify the attributes that contain the user attribute, for example, the first name, the last name, and the telephone number.
Click Save.
Configure the behavior
Click the arrow next to the relevant LDAP server.
Click Behavior.
Click Edit.
Specify the options you want to set:
the group and user object classes.
the search paths.
the search filters.
the recursion depth.
the page size.
the referrals.
Click Save.
Test the LDAP connection.
Click the arrow next to the relevant LDAP server.
Click Connection.
Click Test connection.
If the LDAP connection is valid, ARIS with LDAP is set up.
If you want to use single sign-on, you can use SAML 2.0.