# LDAP

## Setting up LDAP in Exivity

{% hint style="info" %}
Make sure you perform the following steps as an Exivity user with sufficient rights (an admin user).
{% endhint %}

First, go to **Administration** - **Settings** - **Single sign-on** and choose the *LDAP* tab:

![](/files/-M101DlXr2AXHVOn4bRX)

Fill in the required *Server* and *Attributes* section parameters, and click on *UPDATE*.

**Server section:**

| Parameter            | Explanation                                                                                                                                                                                                                                                                      |
| -------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| *Domain controllers* | An array of servers on your network that serve Active Directory. You can list as many or as few servers as you like, depending on your forest (with a minimum of one). Separate multiple servers with a single space. |
| *Port*               | Depending on your chosen encryption use 389 (unencrypted or TLS) or 686 (SSL)                                                                                                                                                                                                    |
| *Timeout*            | The timeout option allows you to configure the amount of time in seconds that your application waits until a response is received from your LDAP server.                                                                                                                         |
| *Encryption*         | Choose your desired encryption; SSL and TLS are supported. If you choose encryption, make sure you read the section *Setting up your security certificate*. |

**Attributes section:**

| **Parameter**        | Explanation                                                                                                                                                     |
| -------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| *Base DN*            | The base distinguished name (DN) on which you'd like to perform query operations. (optional) |
| *Account prefix*     | The prefix of your user accounts in your LDAP directory. This string is prepended to the username of every authenticating user. (optional) |
| *Account suffix*     | The suffix of your user accounts in your LDAP directory. This string is appended to the username of every authenticating user. (optional) |
| *Default user group* | When a new user logs in using LDAP, a user will be created in this user group. (recommended)                                                                    |

Finally, go to the **System** tab, in the **Core** section, set the **Single Sign-On** parameter to *Local and LDAP Authentication* and click on *UPDATE.*

![](/files/-M104qSYNyVnOto4nRME)

You can now log in to Exivity using LDAP authentication.

### Setting up your security certificate

{% hint style="info" %}
This section only needs to be performed if you have chosen SSL or TLS encryption to authenticate with LDAP. These steps are performed on the Exivity server.
{% endhint %}

If you don't have a certificate in .pem format you can convert your current certificate with the [OpenSSL tool](https://slproweb.com/products/Win32OpenSSL.html).

Once your PEM certificate is stored on the server's hard drive, take note of its path and create a system environment variable *LDAPTLS\_CACERT*. Set the value of this environment variable to the full path of the certificate.

![](/files/-M1088aHEVDX-7TvkVPR)

Finally, restart the *Exivity Web Service*.

![](/files/-M107aM-25aSCi_4ZjwC)
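
The certificate steps above as one elevated PowerShell session, with a validity check on the converted file before it becomes the trust anchor. This is an added example, not part of the Exivity documentation; it assumes a DER-encoded source certificate, `openssl` on the PATH, placeholder paths, and that the service's display name matches the name used on this page.

```powershell
# Added example; run in an elevated PowerShell session on the Exivity server.
# Both paths are constructed placeholders, not paths from the Exivity documentation.
$SourceCert = 'C:\certs\ldap-ca.cer'   # assumed: DER-encoded CA certificate
$PemPath    = 'C:\certs\ldap-ca.pem'   # PEM copy that LDAPTLS_CACERT will point to

# 1. Convert the certificate to PEM (assumes openssl.exe is on the PATH).
& openssl x509 -inform der -in $SourceCert -outform pem -out $PemPath
if ($LASTEXITCODE -ne 0) { throw "openssl could not convert $SourceCert" }

# 2. Check the result before trusting it: it must parse, be within its validity
#    period, and should be a CA certificate, since LDAPTLS_CACERT is the
#    OpenLDAP client setting for the trusted CA certificate file.
$cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($PemPath)
$now  = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "Certificate is not valid now ($($cert.NotBefore) to $($cert.NotAfter))"
}
$bc = $cert.Extensions | Where-Object {
    $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension]
}
if (-not ($bc -and $bc.CertificateAuthority)) {
    Write-Warning 'Certificate is not marked as a CA; confirm it is the issuer of the LDAP server certificate.'
}
# Compare these values with the CA you expect before continuing.
"Subject:    $($cert.Subject)"
"Thumbprint: $($cert.Thumbprint)"

# 3. Create the system (machine-scope) environment variable with the full path.
[Environment]::SetEnvironmentVariable('LDAPTLS_CACERT', $PemPath, 'Machine')

# 4. Restart the web service so it picks up the new variable.
#    Assumption: the service's display name is 'Exivity Web Service'.
Get-Service -DisplayName 'Exivity Web Service' | Restart-Service

# 5. Confirm the stored value.
[Environment]::GetEnvironmentVariable('LDAPTLS_CACERT', 'Machine')
```

Keep the PEM file in a directory that only administrators can write to, since whoever can replace it controls which LDAP servers Exivity will trust.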


