Azure LDAP authentication for external SAAS

Ronald LeVick
Occasional Visitor

We presently have a domain controller and ADFS server in Azure. We're about to migrate our local learning management system (LMS) to an externally hosted SAAS. How can we set up the Azure environment as the LDAP authentication method for the SAAS? We want to make sure the users can access the LMS in the event our local ISP connection is unavailable.

1 Reply

Hi Ronald,

LDAP is what I call a legacy protocol not designed for the public internet. In my opinion the SaaS needs to support some kind of internet-based technique like OAuth, SAML, token provider etc. With that said, it is possible to allow LDAP communication on the public internet. Please investigate the options of the SaaS provider to connect on a VPN-based technique. When it's not possible to use a (secure) VPN tunnel, the advice is to use LDAPS and work with some kind of IP filter technique. Also make sure the host that publishes LDAPS to the public internet is hardened and (always) up-to-date.

Regards,

Mikkie
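
A way to check the "LDAPS plus IP filter" advice in the reply above, as an added example that is not part of the original thread. It assumes the IP filter is an Azure network security group; the rules, the allowlist and the function names are constructed for illustration, with field names following NSG security-rule properties in flattened form.

```python
import ipaddress

# Constructed sample rules (documentation address ranges, not real hosts).
SAMPLE_RULES = [
    {"name": "allow-ldaps-saas", "priority": 100, "direction": "Inbound", "access": "Allow",
     "sourceAddressPrefix": "203.0.113.0/28", "destinationPortRange": "636"},
    {"name": "allow-ldap-any", "priority": 110, "direction": "Inbound", "access": "Allow",
     "sourceAddressPrefix": "*", "destinationPortRange": "389"},
    {"name": "allow-ldaps-wide", "priority": 120, "direction": "Inbound", "access": "Allow",
     "sourceAddressPrefix": "198.51.100.0/24", "destinationPortRange": "600-700"},
    {"name": "deny-all", "priority": 4096, "direction": "Inbound", "access": "Deny",
     "sourceAddressPrefix": "*", "destinationPortRange": "*"},
]
ALLOWED_SOURCES = ["203.0.113.0/28"]  # assumed egress range of the SaaS provider


def covers_port(port_range, port):
    """True if a rule's port spec ('*', '636' or '600-700') includes port."""
    if port_range == "*":
        return True
    low, _, high = port_range.partition("-")
    return int(low) <= port <= int(high or low)


def source_within(prefix, allowed):
    """True only if prefix is a CIDR fully inside one of the allowed CIDRs."""
    try:
        net = ipaddress.ip_network(prefix, strict=False)
    except ValueError:
        return False  # '*', 'Internet' and other service tags are too broad
    nets = [ipaddress.ip_network(a) for a in allowed]
    return any(net.version == a.version and net.subnet_of(a) for a in nets)


def audit_ldap_exposure(rules, allowed_sources):
    """Flag inbound Allow rules that expose LDAP contrary to the advice.

    Conservative: a rule is reported even if a higher-priority Deny
    would shadow it, so every finding deserves a manual look.
    """
    findings = []
    for rule in sorted(rules, key=lambda r: r["priority"]):
        if rule["direction"] != "Inbound" or rule["access"] != "Allow":
            continue
        ports = rule["destinationPortRange"]
        if covers_port(ports, 389):
            findings.append((rule["name"], "cleartext LDAP (389) reachable"))
        if covers_port(ports, 636) and not source_within(
                rule["sourceAddressPrefix"], allowed_sources):
            findings.append((rule["name"], "LDAPS (636) open beyond the allowlist"))
    return findings
```
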
