Configuring the LDAP Security Manager for In-house

Prerequisite Tasks

These instructions assume that you have an in-house installation of frevvo up and running. Refer to Configuring the LDAP Security Manager LDAP(s) for Cloud tenants if you have signed up for an LDAP tenant on the cloud server.

Roles

Required: Active Directory Customers using LDAP must ensure frevvo.TenantAdmin and frevvo.Designer groups are specified on your LDAP/AD server. The group names must be spelled as shown. Upper/lower case may be a factor for Open LDAP systems.

  • Tenant admin users must be assigned to the frevvo.TenantAdmin group.

  • Designer users must be assigned to the frevvo.Designer group. Note that, unlike the default security manager, users in the frevvo.TenantAdmin group must also be in the frevvo.Designer group to design forms/workflows.

Optional: frevvo has two additional roles, frevvo.Publisher and frevvo.ReadOnly. Both are optional.

  • In order to give a user the frevvo.Publisher role, create the frevvo.Publisher group in your AD and assign users to it. Refer to the Publisher Role Documentation for an explanation of this role.

  • In order to give a user the frevvo.ReadOnly role, create the frevvo.ReadOnly group in your AD and assign users to it. Following frevvo Best Practice eliminates the need for this role.

  • Contact the frevvo Customer Success team to schedule your Security Manager configuration.

  • frevvo Best Practice recommends that you create a user account in your Active Directory that will house all of your deployed Production forms/workflows. This user can be named anything, e.g. frevvoProduction, but it must be a member of the frevvo.Designer group.

  • Review the documentation on Preserving Projects/Forms/Workflows developed in your trial/starter tenant BEFORE changing security managers.
Configuring frevvo and LDAP/Active Directory

frevvo users and groups can be maintained externally in systems such as Active Directory or Open LDAP. Follow these steps to integrate frevvo and your LDAP server:

  1. Collect the key information listed below and verify the Prerequisite Tasks have been performed.

  2. Create a tenant with the LDAP/Active Directory Security Manager class.

  3. Once you have your tenant successfully connecting with your LDAP server, review the available options regarding the authentication process.

Key Information to Collect

Before configuring the LDAP/Active Directory Security Manager, you will need the following information:

  • LDAP server name or IP address

  • LDAP server port

  • User name and password with proper permissions to access and browse LDAP.

  • LDAP groups and/or users that will be considered frevvo designers. These users will be able to create forms and Workflows in frevvo.

  • LDAP groups and users that will be considered frevvo administrators.

  • LDAP groups and users that will be considered frevvo publishers. This role gives a user permission to go to the home page of every other tenant user.

  • LDAP groups and users that will be considered ReadOnly.

  • LDAP user and group base filters

  • LDAP all-users and all-groups filters

  • The attribute names in your Active Directory for UserId Display, GroupId Display, User Member Of, Group Member, First Name, Last Name, Email and Manager (optional)
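The group rules in the Roles section and the filter and attribute names in this list can be sanity-checked before the tenant is created, so that a misspelled group or an admin who cannot design forms is caught before you switch security managers. The script below is an added example, not frevvo's code: it runs against constructed in-memory data (the group list and the per-user memberOf sets are assumptions standing in for real LDAP query results, and memberOf is an assumed name for the User Member Of attribute), flags a required group spelled with different case and a tenant admin who is not also a designer, and shows RFC 4515 escaping for a value placed in the User Member Of filter.

```python
# Added example (not frevvo's code): a pre-flight check for the group rules this
# page states, run here against constructed in-memory data that stands in for
# what a real LDAP query (group list, each user's memberOf values) would return.
#   - frevvo.TenantAdmin and frevvo.Designer must exist, spelled exactly
#   - every tenant admin must also be a member of frevvo.Designer
#   - frevvo.Publisher and frevvo.ReadOnly are optional
REQUIRED_GROUPS = ("frevvo.TenantAdmin", "frevvo.Designer")
OPTIONAL_GROUPS = ("frevvo.Publisher", "frevvo.ReadOnly")

# RFC 4515 escapes for values interpolated into an LDAP search filter.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a value before placing it inside a filter string, so text taken
    from a form or config field cannot change the filter's structure."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def member_of_filter(group_dn: str, member_attr: str = "memberOf") -> str:
    """Build the 'members of this group' filter. member_attr is whatever your
    directory uses for the page's 'User Member Of' attribute (assumed memberOf)."""
    return f"({member_attr}={escape_filter_value(group_dn)})"


def check_groups(existing_groups, case_sensitive: bool):
    """Report required groups that are missing or differ only in letter case.
    case_sensitive models a directory (e.g. OpenLDAP) where 'frevvo.designer'
    does not match 'frevvo.Designer'; on such servers a case slip is a missing group."""
    findings = []
    by_lower = {g.lower(): g for g in existing_groups}
    for required in REQUIRED_GROUPS:
        if required in existing_groups:
            continue
        actual = by_lower.get(required.lower())
        if actual is None:
            findings.append(f"ERROR: required group {required} not found")
        elif case_sensitive:
            findings.append(f"ERROR: {required} exists as {actual}; case-sensitive lookup will fail")
        else:
            findings.append(f"WARN: {required} exists as {actual}; rename it to match the documented spelling")
    for optional in OPTIONAL_GROUPS:
        if optional not in existing_groups:
            findings.append(f"INFO: optional group {optional} not present")
    return findings


def admins_missing_designer(memberships):
    """memberships: user id -> set of group names (what memberOf would return).
    Returns tenant admins who cannot design forms because they lack frevvo.Designer."""
    return sorted(
        user for user, groups in memberships.items()
        if "frevvo.TenantAdmin" in groups and "frevvo.Designer" not in groups
    )


# Constructed sample data: one group with a case slip, one admin not in Designer.
SAMPLE_GROUPS = ["frevvo.TenantAdmin", "frevvo.designer", "frevvo.Publisher", "Domain Users"]
SAMPLE_MEMBERSHIPS = {
    "alice": {"frevvo.TenantAdmin", "frevvo.Designer"},
    "bob": {"frevvo.TenantAdmin"},
    "frevvoProduction": {"frevvo.Designer"},   # the Best Practice production account
    "carol": {"Domain Users"},
}

if __name__ == "__main__":
    for line in check_groups(SAMPLE_GROUPS, case_sensitive=True):
        print(line)
    print("tenant admins not in frevvo.Designer:", admins_missing_designer(SAMPLE_MEMBERSHIPS))
    print(member_of_filter("CN=frevvo.Designer,OU=Groups,DC=example,DC=com"))
```

Run it as-is to see the two findings the constructed data was built to trigger; in a real deployment, replace SAMPLE_GROUPS and SAMPLE_MEMBERSHIPS with the results of a search using your user and group base filters.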

Create/Edit a tenant with the LDAP/Active Directory Security Manager

The connection to your LDAP server is configured at the tenant level.

  • New frevvo in-house customers can add an LDAP tenant and configure the LDAP parameters via the Add Tenant screen. LDAP properties can be updated at any time via the Edit Tenant screen.

  • Cloud customers must request an LDAP tenant from frevvo customer support. Cloud customers will receive a default tenant login from frevvo and then they can edit the LDAP configuration properties using the Edit Tenant screen to connect to their LDAP server.

In all cases, follow these steps to configure LDAP. These instructions assume that you have an in-house installation of frevvo up and running or you have signed up for an LDAP tenant on the cloud server.

  • In-house customers:

    1. Login to frevvo as an administrator (user: admin and password: admin if you have not changed it)

    2. Click on Manage and then Manage Tenants

    3. You will see a page where the current tenants are listed. If this is a new installation you will only see the default tenant d

    4. Click on the plus icon to add a new tenant.

    5. Configure the new tenant - Choose LDAP/Active Directory Security Manager from the Security Manager Class dropdown.

Add New Tenant Screen

    6. Enter your LDAP Configuration Properties. Alternatively, you can start off from one of the Sample Configurations and provide only the key information listed above. See below for information on the TLS checkbox.

    7. If you are creating a new tenant:

      1. Enter a tenant id, a tenant name and description.

      2. The Max Concurrent Users is the maximum allowed by your license or less.

      3. Specify the User ID, password and email address of a user that will have the tenant admin permission. This user id is built-in and can be used to access tenant administrative functions if you cannot log in as an authenticated LDAP tenant admin. The tenant admin id, password and email fields are required. The Change password on next login checkbox is optional; it is checked by default.

      4. Click Submit. You will see your new tenant in the tenant list if the connection to your LDAP server is successful.



The Ignore Case and Notify checkboxes are checked by default. It is recommended that you leave them checked. Refer to the Mixed or Upper case User Names topic for an explanation of the Ignore Case option.

The Notify checkbox determines whether the task notification emails setup in frevvo workflows are sent or not.

Clicking the submit button tests the connection. Any errors are displayed at the top of the form. Here is an example of an error when there is a typo in the LDAP server name: