Configure an LDAP integration in Service Manager

The Service Manager SAML Single Sign-On (SSO) solution requires the identity provider (that is, Microsoft ADFS) to connect with an LDAP directory and authenticate users from it.

Meanwhile, this solution requires Service Manager to integrate with the same LDAP directory to share user account information. When integrated with an LDAP directory, user accounts are synchronized from the LDAP server to Service Manager based on LDAP mapping.

When the user enters credentials on the identity provider (IdP) login page, the IdP returns a SAML response that contains a SAML assertion, which is then redirected to Service Manager. If the assertion is valid, the user is logged into Service Manager. This process requires correct LDAP mapping to be configured on both the Service Manager side and the IdP side.

  • On the IdP side, the IdP (Microsoft ADFS) must be configured to authenticate users from an LDAP directory, and the NameID claim type must be mapped to the samAccountName LDAP attribute. For details, see Install and configure the standalone IdM service.
  • On the Service Manager side, an LDAP integration to the same LDAP directory must be set up, and the name field in the operator table must be mapped to the samAccountName LDAP attribute. For details, see Enable an integration to LDAP.