Creating an authentication store (LDAP)

Use the Authentication Store tab to manage your authentication stores. Use this page to provide local authentication for STS without connecting to a remote IdP.

The Authentication Store tab is under your tenant name drop-down menu.

To create a new authentication store:

  1. Click Add.
  2. Specify this information:
    Name
    A human-readable name for your authentication store.
    Authentication Store Type
    Select LDAP from the drop-down.
    Use LDAPS Check Box
    To use LDAPS, you must select this check box. If you use LDAPS, you are required to upload an SSL certificate.
    LDAP URL
    The URL is made up of your LDAP host and port: ldap://{hostname}:{port}

    Standard LDAP connections use port 389, and secure LDAP (LDAPS) connections use port 636.

    Bind User
    The administrator user who will bind with LDAP.
    Bind User Password
    The password for the administrator.
    User Attribute
    This field is used for searching for the user in LDAP. The property entered here specifies the attribute that must be used to match the provided user name when a user is logging on.
    User Object Class
    The object class of a user in the LDAP schema. It identifies the higher-level object type that is searched.
    User Search Scope
    Defines the search scope for finding users. Possible values are: one, sub.
    Search Base
    Tree from which users are searched: (cn=username,dc=infor,dc=com)
    Assertion Identity Key
    The value in this field may be the same as the User Attribute value. It is used to look up the user in IFS to verify that the user is active.
    User Lookup field
    This value, selected from a drop-down list, is used with the value from the Assertion Identity Key to look up a user in IFS. The default value is UPN.
    Note: The Assertion Identity Key and User Lookup field work together to verify the status of the user. If UPN is selected from the drop-down in the User Lookup field, then the value in the Assertion Identity Key must relate to this value.
    Test Connection
    After entering all the required fields, you must click Test Connection to validate that the connection is successful. This button is located at the top of the page.