Azure Domain LDAP Sync Setup Walkthrough

Posted on May 1, 2019

Azure LDAP Setup

Azure Domain Setup for Syncing Users With TraitWare

Visit https://portal.azure.com and log in using your admin username and password (for possibly the last time ever). Select the domain you will be federating with TraitWare (traitware.net here for example). Note: Your domain will need to be verified in Azure (DNS records added) before it can be federated.

If you do not already have an Azure AD Domain Services resource set up for your domain, you must create one before continuing.

Once that process is complete, on your Azure domain screen (i.e. traitware.net), select Secure LDAP.

Select Enable under Secure LDAP AND under Allow secure LDAP access over the internet.

Upload a .PFX formatted certificate specific to the domain you are federating. This is required and will ensure that connections from TraitWare to your Azure AD are secure.

Select Properties in the side menu. Then select the Network security group associated with subnet link. Also, take note of your Secure LDAP external IP address. You will need to paste that into the TraitWare LDAP configuration settings on your TraitWare Console Customer screen, as well as create a DNS A record for it. You can always come back here later to find it.

You are now in the Network Security Group Overview. We will be creating a new security rule to allow TraitWare to securely connect to your Azure AD. Select Inbound security rules.

Select + Add to add an inbound security rule.

Add the rule. Type (traitware server IP) into the Source field to restrict access to only TraitWare. Type 636 in the Destination port range. This is the Secure LDAP port that TraitWare will contact to sync your users to TraitWare. You will also need to add a Name for the Security Rule. Source port ranges, Protocol, Action, and Priority can be left alone. After you enter the values, select Add at the bottom.

You should see the security rule added (TraitWare_LDAP_SYNC here, for example).
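Because the previous step also enabled Secure LDAP access over the internet, the inbound rule's Source field is the only thing standing between the LDAPS endpoint and the whole internet. The script below is an added example, not TraitWare's or Microsoft's code: it audits a list of NSG rules for any inbound Allow rule that exposes TCP/636 to an unrestricted source, and builds the equivalent az CLI invocation for the rule described above. The rule JSON is a hand-constructed subset of the fields that az network nsg rule list returns, and 203.0.113.10 is a stand-in for the TraitWare server IP the page leaves as a placeholder.

```python
"""Audit Azure NSG rules for an exposed Secure LDAP (TCP/636) endpoint and
build the az CLI command for a properly source-restricted rule.

Added example, not from the original page or TraitWare. The sample JSON is
constructed by hand in the shape (subset of fields) of `az network nsg rule
list -o json`; 203.0.113.10 is a placeholder for the TraitWare server IP."""
import ipaddress
import json

LDAPS_PORT = 636
# Source prefixes that make an Allow rule reachable from anywhere.
UNRESTRICTED_SOURCES = {"*", "Internet", "Any", "0.0.0.0/0", "::/0"}

# Constructed sample: one correct rule (like TraitWare_LDAP_SYNC), two rules
# that expose 636 to the internet, and one unrelated rule.
SAMPLE_RULES_JSON = """[
  {"name": "TraitWare_LDAP_SYNC", "direction": "Inbound", "access": "Allow",
   "protocol": "Tcp", "priority": 100,
   "sourceAddressPrefix": "203.0.113.10", "destinationPortRange": "636"},
  {"name": "AllowLDAPSAnywhere", "direction": "Inbound", "access": "Allow",
   "protocol": "*", "priority": 200,
   "sourceAddressPrefix": "*", "destinationPortRange": "636"},
  {"name": "AllowRDP", "direction": "Inbound", "access": "Allow",
   "protocol": "Tcp", "priority": 300,
   "sourceAddressPrefix": "10.0.0.0/8", "destinationPortRange": "3389"},
  {"name": "AllowRange", "direction": "Inbound", "access": "Allow",
   "protocol": "Tcp", "priority": 400,
   "sourceAddressPrefix": "Internet", "destinationPortRange": "600-700"}
]"""


def load_rules(text):
    """Parse the JSON array of NSG rules."""
    return json.loads(text)


def port_range_covers(port_range, port):
    """True if an NSG port spec ("636", "600-700" or "*") includes port."""
    port_range = str(port_range).strip()
    if port_range == "*":
        return True
    if "-" in port_range:
        lo, hi = (int(p) for p in port_range.split("-", 1))
        return lo <= port <= hi
    return int(port_range) == port


def _as_list(rule, singular, plural):
    """Azure emits either a single value or a list; normalise to a list."""
    values = list(rule.get(plural) or [])
    if rule.get(singular):
        values.append(rule[singular])
    return values


def is_unrestricted(prefix):
    """True for a source prefix that admits the whole internet."""
    return str(prefix).strip() in UNRESTRICTED_SOURCES


def audit_ldaps_rules(rules):
    """Return inbound Allow rules that open TCP/636 to an unrestricted source."""
    findings = []
    for rule in rules:
        if rule.get("direction") != "Inbound" or rule.get("access") != "Allow":
            continue
        if rule.get("protocol", "*") not in ("Tcp", "*"):
            continue
        ports = _as_list(rule, "destinationPortRange", "destinationPortRanges")
        if not any(port_range_covers(p, LDAPS_PORT) for p in ports):
            continue
        sources = _as_list(rule, "sourceAddressPrefix", "sourceAddressPrefixes")
        open_sources = [s for s in sources if is_unrestricted(s)]
        if open_sources:
            findings.append({"name": rule["name"],
                             "priority": rule.get("priority"),
                             "sources": open_sources})
    return findings


def build_nsg_rule_command(resource_group, nsg_name, rule_name,
                           source_ip, priority=100):
    """argv for `az network nsg rule create`, pinned to one source address."""
    net = ipaddress.ip_network(source_ip, strict=False)  # ValueError on "*"
    if net.num_addresses != 1:
        raise ValueError("restrict the source to the single sync server address")
    return ["az", "network", "nsg", "rule", "create",
            "--resource-group", resource_group, "--nsg-name", nsg_name,
            "--name", rule_name, "--priority", str(priority),
            "--direction", "Inbound", "--access", "Allow", "--protocol", "Tcp",
            "--source-address-prefixes", str(net.network_address),
            "--destination-port-ranges", str(LDAPS_PORT)]


if __name__ == "__main__":
    for finding in audit_ldaps_rules(load_rules(SAMPLE_RULES_JSON)):
        print("EXPOSED:", finding)
    print(" ".join(build_nsg_rule_command("my-rg", "aadds-nsg",
                                          "TraitWare_LDAP_SYNC", "203.0.113.10")))
```

Run the audit against the real output of az network nsg rule list -g <rg> --nsg-name <nsg> -o json after adding the rule; anything it reports other than your own restricted rule is a rule that lets any host on the internet reach the LDAPS port. Once the rule is in place, connecting to the Secure LDAP external IP on port 636 with openssl s_client from the sync server's address should present the .PFX certificate you uploaded, while the same connection from any other address should time out.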

You’ve set up your Azure domain to allow TraitWare to sync all of your on-premises AD users to your TraitWare console.

If you are using a Cloud-only or hybrid Azure environment, please see the walkthrough on setting up Microsoft Graph API access for TraitWare.

If you are using On-Prem AD only or a hybrid (On-Prem/Azure) environment with Azure AD Connect, you can continue on to configure your AD settings in the TraitWare Customer Console (https://admin.traitware.com).