Azure LDAP authentication for external SAAS


We presently have a domain controller and ADFS server in Azure. We're about to migrate our local learning management system (LMS) to an externally hosted SAAS. How can we set up the Azure environment as the LDAP authentication method for the SAAS? We want to make sure the users can access the LMS in the event our local ISP connection is unavailable.

1 Reply

Hi Ronald,


LDAP is what I call a legacy protocol, not designed for the public internet. In my opinion the SaaS needs to support some kind of internet-based technique like OAuth, SAML, a token provider, etc. With that said, it is possible to allow LDAP communication on the public internet. Please investigate the options of the SaaS provider to connect via a VPN-based technique. When it's not possible to use a (secure) VPN tunnel, the advice is to use LDAPS and work with some kind of IP filter technique. Also make sure the host that publishes LDAPS to the public internet is hardened and (always) up-to-date.


Regards,

Mikkie
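The reply above recommends two controls if LDAP must be reachable from a SaaS provider: LDAPS only (never plaintext 389) and an IP filter limited to the provider's source addresses. The following is an added example written for this page, not code from either poster or from Microsoft. It models that policy as a pure function, runs it over a few constructed flow-log lines (so a defender can see which attempts would be allowed, which denied, and how many plaintext LDAP attempts appeared, which is a useful detection signal), and builds a hardened client TLS context of the kind the SaaS side should use. The address ranges in `SAAS_ALLOWED_SOURCES` and the log lines are constructed placeholders; `ldaps_handshake` is a hypothetical helper that only works against a reachable LDAPS host and is not exercised offline.

```python
import ipaddress
import socket
import ssl

LDAP_PLAINTEXT_PORT = 389   # never published to the internet
LDAPS_PORT = 636            # the only port the filter should admit

# Constructed placeholder ranges standing in for the SaaS provider's egress addresses.
SAAS_ALLOWED_SOURCES = [
    ipaddress.ip_network("203.0.113.0/24"),
    ipaddress.ip_network("198.51.100.8/29"),
]


def evaluate_connection(src_ip, dst_port, allowed=SAAS_ALLOWED_SOURCES):
    """Apply the 'LDAPS only + IP allow-list' policy to one inbound attempt.

    Returns (decision, reason). Plaintext LDAP is refused regardless of source,
    any other non-LDAPS port is refused, and LDAPS is admitted only from an
    allow-listed source network.
    """
    addr = ipaddress.ip_address(src_ip)
    if dst_port == LDAP_PLAINTEXT_PORT:
        return ("deny", "plaintext LDAP (389) is never exposed; use LDAPS")
    if dst_port != LDAPS_PORT:
        return ("deny", "port %d is not published" % dst_port)
    if not any(addr in net for net in allowed):
        return ("deny", "source not in SaaS provider allow-list")
    return ("allow", "LDAPS from allow-listed SaaS source")


# Constructed sample flow log: "<timestamp> <src_ip> <dst_port>" per line.
SAMPLE_FLOW_LOG = """\
2020-01-01T10:00:00Z 203.0.113.10 636
2020-01-01T10:00:05Z 203.0.113.10 389
2020-01-01T10:01:00Z 192.0.2.5 636
2020-01-01T10:02:00Z 198.51.100.9 636
2020-01-01T10:03:00Z 198.51.100.9 3389
"""


def triage_flow_log(log_text):
    """Run the policy over flow-log lines and summarise decisions.

    'plaintext_attempts' counts hits on 389; a non-zero value means something
    is still trying to talk unencrypted LDAP to the published host.
    """
    summary = {"allowed": 0, "denied": 0, "plaintext_attempts": 0, "events": []}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, port = line.split()
        port = int(port)
        decision, reason = evaluate_connection(src, port)
        summary["allowed" if decision == "allow" else "denied"] += 1
        if port == LDAP_PLAINTEXT_PORT:
            summary["plaintext_attempts"] += 1
        summary["events"].append((ts, src, port, decision, reason))
    return summary


def make_ldaps_client_context():
    """Client-side TLS settings for LDAPS: certificate required, hostname
    checked, and nothing older than TLS 1.2 accepted."""
    ctx = ssl.create_default_context()          # CERT_REQUIRED + check_hostname by default
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def ldaps_handshake(host, port=LDAPS_PORT, timeout=5.0):
    """Hypothetical helper: open a verified TLS session to an LDAPS endpoint and
    report the negotiated version and certificate subject/expiry. Requires a
    reachable host, so it is not run offline."""
    ctx = make_ldaps_client_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            cert = tls.getpeercert()
            return {
                "tls_version": tls.version(),
                "subject": dict(ava[0] for ava in cert["subject"]),
                "not_after": cert.get("notAfter"),
            }


if __name__ == "__main__":
    result = triage_flow_log(SAMPLE_FLOW_LOG)
    for event in result["events"]:
        print("%s %s:%d -> %s (%s)" % event)
    print("allowed=%d denied=%d plaintext_attempts=%d" % (
        result["allowed"], result["denied"], result["plaintext_attempts"]))
```

In Azure the `evaluate_connection` policy corresponds to an NSG (or firewall) rule set that permits TCP 636 from the provider's published ranges and denies 389 and everything else; the flow-log triage is what you would run over NSG flow logs to confirm the rules behave as intended and to spot plaintext attempts.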