Using LDAP Authentication


Our Streaming Video Platform now offers LDAP Authentication for our customers.  If you are interested in setting up LDAP Authentication for your institution, please fill out the attached form below and submit it to video.support@infobaselearning.com.

What is LDAP?

The Lightweight Directory Access Protocol (LDAP) is an open, vendor-neutral, industry-standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network.  A common use of LDAP is to provide a central place to store usernames and passwords.  This allows many different applications and services to connect to the LDAP server to validate users.  A major benefit is that user passwords can be updated and changed in one central place.

What will be supported?

Infobase will support LDAP and LDAP over SSL (LDAPS, aka secure LDAP) for its video platform, which includes Learn360, Films on Demand, Access Video On Demand, and Classroom Video On Demand.

How will it work?

A one-time setup process will be required to enable a connection between an account's LDAP server and the Infobase video platform.  Once the LDAP server is enabled, the client will be required to use their unique authenticated URL directly or our SSO Query String Parameters to take advantage of LDAP.  The information contained in this access URL will allow Infobase to connect their account correctly based on the Account ID present in the URL.

For example: http://learn360.infobase.com/PortalPlaylists.aspx?wid=123456.

To sign in as a user, simply use the login box or add a username and password to the string:

http://learn360.infobase.com/PortalPlayLists.aspx?wid=123456&u=student123&p=mypassword.
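The sign-in URL above carries the username and password as the "u" and "p" query parameters, so they are recorded wherever the full URL is logged. As an added example (not Infobase code), this Python script scans proxy or web-server log lines for such URLs, reports the account and user, and redacts the "p" value; the log layout and sample lines are constructed, and the host suffix and parameter names are taken from the example URLs on this page.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Host suffix and parameter names come from the example URLs on this page.
# The log layout is a constructed, simplified proxy log (assumption).
PLATFORM_HOST_SUFFIX = ".infobase.com"
SECRET_PARAMS = {"p"}
URL_RE = re.compile(r"https?://[^\s\"']+")

# Constructed sample log lines (timestamps and client IPs are made up).
SAMPLE_LOG = [
    "2024-01-01T09:00:01Z 10.0.0.5 GET http://learn360.infobase.com/PortalPlayLists.aspx?wid=123456&u=student123&p=mypassword 200",
    "2024-01-01T09:00:07Z 10.0.0.6 GET http://learn360.infobase.com/PortalPlaylists.aspx?wid=123456 200",
    "2024-01-01T09:00:09Z 10.0.0.7 GET https://example.org/search?p=2 200",
]

def redact_url(url):
    """Return (url, finding); finding is None unless a password parameter was found."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if not host.endswith(PLATFORM_HOST_SUFFIX):
        return url, None  # not a platform URL: leave untouched
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    params = {k.lower(): v for k, v in pairs}
    if not SECRET_PARAMS & params.keys():
        return url, None  # platform URL without credentials
    cleaned = [(k, "REDACTED" if k.lower() in SECRET_PARAMS else v) for k, v in pairs]
    finding = {
        "host": host,
        "wid": params.get("wid"),
        "user": params.get("u"),
        "cleartext": parts.scheme == "http",  # sent without TLS
    }
    return urlunsplit(parts._replace(query=urlencode(cleaned))), finding

def scan(lines):
    """Redact every platform sign-in URL in the lines; return (clean_lines, findings)."""
    findings = []
    def _sub(match):
        redacted, finding = redact_url(match.group(0))
        if finding:
            findings.append(finding)
        return redacted
    return [URL_RE.sub(_sub, line) for line in lines], findings

if __name__ == "__main__":
    clean, found = scan(SAMPLE_LOG)
    print("\n".join(clean))
    print(found)
```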

When any user within an account with an established LDAP connection logs in with their pre-defined username and password, Infobase will send a request to the client's LDAP server to verify they are a valid user.  As part of this "handshake" process, an LDAP session will be initiated by connecting to the LDAP server, called a Directory System Agent (DSA), by default on TCP and UDP port 389, or on port 636 for LDAPS.  The login page will then send an operation request to the server, and the server will send a response back to our system.  From there, the process differs depending on whether or not a user match was found in both the LDAP server and our Video platform.

If a User Match is Found:

If the username and password entered already exist in the platform database and match a valid account on the LDAP server, it will be assumed that it is the same user account and the user will automatically be logged into the video platform.

If No User Match is Found:

If the system determines that the user is valid based on the LDAP information but there is no corresponding user found in the Infobase universe, an account will be created in our database and all user profile attributes will be updated.

In this scenario, all new accounts will be redirected to a page that asks them if they already have a different video platform account before using their LDAP credentials to create a new user.  If they have one and enter the information, the two accounts will be linked.  This is a one-time event for a new user.  This is the default behavior.

Upon request, we can enable automatic account provisioning that will simply mirror your LDAP users on our end.  This option will bypass the account linking or creation process altogether.  Please let support know if you wish to utilize this option during the implementation process.

If they choose to create a new account, their LDAP credentials will be used for creation.  If the client did not set up role mapping, all new accounts will be created as students by default.

If the account chooses to use LDAP, all new user accounts will be created as part of this simple authentication process. Account Admins will not have to set up user accounts within the Infobase video platform ahead of time.

User Prefix & Automatic New User Creation

To ensure your requested usernames are not already in use, we recommend you provide our Support Team with a unique User Prefix that we can add to every username being created for your account.  If you utilize the Prefix feature, we can also enable your account to bypass the New User Creation Screen entirely.  The system will instead create a new user account with the prefix and log them in directly.

User Log Out and Log In Options

If you opt to use your authenticated URL without passing user information at the same time, we recommend enabling two additional options that will allow your users to easily log back into Learn360 if they are using shared computers.

  • Enable our full log out option
  • Redirection to your LDAP URL upon log out

Both of the above options can be enabled by our support department upon request.  These will fully log anyone out of Learn360 who clicks on the Log Out option in the My Content menu and redirect them back to your LDAP authenticated Learn360 log in page automatically, ensuring that the next student who uses this computer can easily access their own account.

Mapping OUs and Groups

Our LDAP solution allows you to map your organizational units (OUs) and Groups to the buildings we have established in our account management system.  Attached to this article are two Excel templates that can be completed and submitted to our support department to aid in this provisioning process.
