About LDAP Authentication
Default ThreatQ Role: Administrative or Maintenance
Custom Role - Action Permissions: Administrative Functions - Edit User Management
If SSL Client Certificate Authentication is enabled, the LDAP tab displays a warning message indicating that SSL Client Certificate Authentication/CAC must be disabled before you can enable LDAP.
AGDS Users - If you are using LDAP or SAML authentication on your Source ThreatQ instance, and require users transferred via import to have authentication capabilities on your Target ThreatQ instance, then you must enable the same authentication method on your Target ThreatQ instance prior to performing the import.
ThreatQ allows you to configure system access via LDAP, the Lightweight Directory Access Protocol. You have two configuration options:
- Anonymous Bind (previously referred to as basic)
- Authenticated Bind
It is highly recommended that you review the Required Information for Creating LDAP Authentication section of the About LDAP Authentication topic before configuring your LDAP settings.
To access the LDAP tab:
- From the main menu, select the Settings icon > User Management.
- Click the LDAP tab.
The LDAP tab opens with the Anonymous Bind LDAP Settings form loaded by default.
Required Information for Creating LDAP Authentication
Before you configure a connection to your LDAP server, you should work with your LDAP administrator to collect, at minimum, the following information:
- LDAP Server URL
- LDAP Port
- LDAP Group Field Name
- LDAP Filter Field Name
- LDAP group mappings for super, maintenance, analyst, and observer
- LDAP Server name or IP Address
- LDAP port
- LDAP base DN
- LDAP Group Member Field Name
- LDAP Primary Group Name
- Whether to use LDAP over SSL (ldaps or ldap)
- LDAP User Id Key Field Name
- LDAP User Group Member Key Field Name
- LDAP group mappings for super, maintenance, analyst, and observer
Switching LDAP Connections
To switch between using the Anonymous (Legacy) and Authenticated (Updated) Bind LDAP connections, open the desired connection type’s form in the LDAP section and click on the Save button.
Example: You are using the Anonymous Bind LDAP option. You switch to the Authenticated Bind LDAP Settings tab and click Save. ThreatQ will now use these settings. If you switch back to the Anonymous Bind LDAP Settings tab and click Save again, ThreatQ will start using the Anonymous Bind LDAP settings again.