Procedure

Prerequisite

You have the Technical configuration administrator function privilege.

LDAP accessible via Internet

If your LDAP server is accessible via the Internet, proceed as follows.

Enable LDAP

  1. Start ARIS.

  2. Click Application launcher > Administration. The Administration opens with the Configuration view.

  3. Click User Management.

  4. Click the arrow next to LDAP.

  5. Click General settings.

  6. Click Edit.

  7. Enable Use LDAP.

  8. If you want to use ARIS with multiple LDAP systems, enable Activate multiple LDAP integration and click OK in the Confirmation of property value change dialog.

  9. Click Save.

You have added an LDAP server.

Configure the LDAP connection.

  1. Click Add. The Add LDAP server dialog opens.

  2. Enter the following:

    • ID of the LDAP server

    • Display name of the LDAP server

    • LDAP server URL

    • LDAP server fallback URL

    • User name of the user who has access to the LDAP content

    • Password of this user

    • Specify whether to use SSL and in which mode.

    • Specify whether to verify host names and certificates.

    • Simultaneous connections are a cross-tenant property. You can change them only using ARIS Cloud Controller. For more information, refer to the technical help.

    • Specify the connection timeout

    • Specify the read timeout

  3. Click Save.

Configure the attribute mapping

  1. Click the arrow next to the relevant LDAP server.

  2. Click Attribute mappings.

  3. Click Edit.

  4. Specify the attribute objectClass.

  5. Specify the attribute DN that contains the fully qualified name (distinguishedName).

  6. Specify the attribute GUID that contains the objectGUID.

  7. Click Save.

Configure the group attribute mapping

  1. Click the arrow next to the relevant LDAP server.

  2. Click Group attribute mappings.

  3. Click Edit.

  4. Specify the attribute that contains the group name.

  5. Specify the attribute that references the members of a group.

  6. Specify a comma-separated list of LDAP attributes that are to be imported as user-defined attributes of a user group.

  7. Click Save.

Configure the user attribute mapping

  1. Click the arrow next to the relevant LDAP server.

  2. Click User attribute mapping.

  3. Click Edit.

  4. Specify the attributes that contain the user attribute, for example, the first name, the last name, and the telephone number.

  5. Click Save.

Configure the behavior

  1. Click the arrow next to the relevant LDAP server.

  2. Click Behavior.

  3. Click Edit.

  4. Specify the options you want to set:

    • the group and user object classes.

    • the search paths.

    • the search filters.

    • the recursion depth.

    • the page size.

    • the referrals.

  5. Click Save.

Test the LDAP connection.

  1. Click the arrow next to the relevant LDAP server.

  2. Click Connection.

  3. Click Test connection.

If the LDAP connection is valid, ARIS with LDAP is set up.

If you want to use single sign-on, you can use SAML 2.0.

LDAP accessible via Intranet

If you are using LDAP within the Intranet, you must establish a VPN connection.

VPN stands for virtual private network. VPN extends a private network across a public network and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network.

VPN is required

  1. Contact Cloud Operations (CloudOps) for the required details to establish a VPN connection.

  2. Establish a VPN connection.

Enable LDAP

  1. Start ARIS.

  2. Click Application launcher > Administration. The Administration opens with the Configuration view.

  3. Click User Management.

  4. Click the arrow next to LDAP.

  5. Click General settings.

  6. Click Edit.

  7. Enable Use LDAP.

  8. If you want to use ARIS with multiple LDAP systems, enable Activate multiple LDAP integration and click OK in the Confirmation of property value change dialog.

  9. Click Save.

You have added an LDAP server.

Configure the LDAP connection.

  1. Click Add. The Add LDAP server dialog opens.

  2. Enter the following:

    • ID of the LDAP server

    • Display name of the LDAP server

    • LDAP server URL

    • LDAP server fallback URL

    • User name of the user who has access to the LDAP content

    • Password of this user

    • Specify whether to use SSL and in which mode.

    • Specify whether to verify host names and certificates.

    • Simultaneous connections are a cross-tenant property. You can change them only using ARIS Cloud Controller. For more information, refer to the technical help.

    • Specify the connection timeout

    • Specify the read timeout

  3. Click Save.
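
The transport-related values of the Add LDAP server dialog (server URL, fallback URL, SSL, host name and certificate verification), in both the Internet and the Intranet procedure, can be reviewed before they are saved. The following Python check is an added example, not part of the ARIS product or its documentation; the key names are hypothetical labels for the dialog fields and the sample values are constructed.

```python
from urllib.parse import urlsplit

# Constructed sample of values for the Add LDAP server dialog. The key names
# are hypothetical labels for the dialog fields, not ARIS property names.
SAMPLE = {
    "url": "ldaps://ldap.example.com:636",
    "fallback_url": "ldap://ldap2.example.com:389",
    "use_ssl": True,
    "verify_hostnames": True,
    "verify_certificates": False,
}


def review_ldap_settings(cfg):
    """Return a list of (rule_id, message) findings for one LDAP server entry."""
    findings = []
    schemes = {}
    for field in ("url", "fallback_url"):
        value = cfg.get(field) or ""
        if not value:
            continue  # the fallback URL may be left empty
        parts = urlsplit(value)
        schemes[field] = parts.scheme.lower()
        if schemes[field] not in ("ldap", "ldaps") or not parts.hostname:
            findings.append(("bad-url", f"{field} is not a valid LDAP URL: {value!r}"))

    if not cfg.get("use_ssl"):
        findings.append(("no-tls", "SSL is off: the bind password and directory "
                         "data would cross the network in cleartext"))
    else:
        for flag in ("verify_hostnames", "verify_certificates"):
            if not cfg.get(flag):
                findings.append(("no-verify", f"{flag} is off: the connection is "
                                 "encrypted but the server is not authenticated"))

    # A fallback with a different scheme can silently weaken the connection
    # whenever the primary server is unreachable.
    if len(schemes) == 2 and schemes["url"] != schemes["fallback_url"]:
        findings.append(("fallback-mismatch", "fallback URL uses "
                         f"{schemes['fallback_url']}:// but primary uses "
                         f"{schemes['url']}://"))
    return findings


if __name__ == "__main__":
    for rule, message in review_ldap_settings(SAMPLE):
        print(f"[{rule}] {message}")
```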

Configure the attribute mapping

  1. Click the arrow next to the relevant LDAP server.

  2. Click Attribute mappings.

  3. Click Edit.

  4. Specify the attribute objectClass.

  5. Specify the attribute DN that contains the fully qualified name (distinguishedName).

  6. Specify the attribute GUID that contains the objectGUID.

  7. Click Save.

Configure the group attribute mapping

  1. Click the arrow next to the relevant LDAP server.

  2. Click Group attribute mappings.

  3. Click Edit.

  4. Specify the attribute that contains the group name.

  5. Specify the attribute that references the members of a group.

  6. Specify a comma-separated list of LDAP attributes that are to be imported as user-defined attributes of a user group.

  7. Click Save.

Configure the user attribute mapping

  1. Click the arrow next to the relevant LDAP server.

  2. Click User attribute mapping.

  3. Click Edit.

  4. Specify the attributes that contain the user attribute, for example, the first name, the last name, and the telephone number.

  5. Click Save.

Configure the behavior

  1. Click the arrow next to the relevant LDAP server.

  2. Click Behavior.

  3. Click Edit.

  4. Specify the options you want to set:

    • the group and user object classes.

    • the search paths.

    • the search filters.

    • the recursion depth.

    • the page size.

    • the referrals.

  5. Click Save.

Test the LDAP connection.

  1. Click the arrow next to the relevant LDAP server.

  2. Click Connection.

  3. Click Test connection.

If the LDAP connection is valid, ARIS with LDAP is set up.

If you want to use single sign-on, you can use SAML 2.0.