Configuring the LDAP Security Manager for In-house

frevvo v11.1 is no longer supported. Please visit the Documentation Directory for our current Cloud Release and other versions.


Follow these instructions if you have an in-house installation of frevvo up and running. If you have a provisioned cloud tenant and you want to configure the LDAP Security Manager, follow the instructions for Configuring the LDAP Security Manager LDAP(s) for Cloud tenants.

Safari browser later than v5.1.7 running on Windows is no longer supported. Issues were found when using Safari with LDAP - SSO.


Prerequisite Tasks

These instructions assume that you have an in-house installation of frevvo up and running. Refer to Configuring the LDAP Security Manager LDAP(s) for Cloud tenants if you have signed up for an LDAP tenant on the cloud server.

Roles

Required: Active Directory Customers using LDAP must ensure frevvo.TenantAdmin and frevvo.Designer groups are specified on your LDAP/AD server. The group names must be spelled as shown. Upper/lower case may be a factor for Open LDAP systems.

  • Tenant admin users must be assigned to the frevvo.TenantAdmin group.

  • Designer users must be assigned to the frevvo.Designer group. Note that, unlike the default security manager, users in the frevvo.TenantAdmin group must also be in the frevvo.Designer group to design forms/workflows.

Optional: There are two additional roles in frevvo - frevvo.Publisher and frevvo.ReadOnly.  These roles are optional.

  • In order to give a user the frevvo.publishers role, create the frevvo.Publisher group in your AD and assign users to it. Refer to the Publisher Role Documentation for an explanation of this role.

  • In order to give a user the frevvo.ReadOnly role, create the frevvo.ReadOnly group in your AD and assign users to it. Following frevvo Best Practice eliminates the need for this role.


  • Contact the frevvo Customer Success team to schedule your Security Manager configuration.

  • frevvo Best Practice recommends that you create a user account in your Active Directory that will house all of your deployed Production forms/workflows. This user can be named anything, e.g. frevvoProduction, but it must be a member of the frevvo.Designer group.

  • Review the documentation on Preserving Projects/Forms/Workflows developed in your trial/starter tenant BEFORE changing security managers.



Configuring frevvo and LDAP/Active Directory 

frevvo users and groups can be maintained externally in systems such as Active Directory or Open LDAP.  Follow these steps to integrate frevvo and your LDAP server:

  1. Collect the key information listed below and verify the Prerequisite Tasks have been performed.

  2. Create a tenant with the LDAP/Active Directory Security Manager class.

  3. Once you have your tenant successfully connecting with your LDAP server, review the available options regarding the authentication process.

Key Information to Collect

Before configuring the LDAP/Active Directory Security Manager, you will need the following information:

  • LDAP server name or IP address

  • LDAP server port

  • User name and password with proper permissions to access and browse LDAP.

  • LDAP groups and/or users that will be considered frevvo designers. These users will be able to create forms and Workflows in frevvo.

  • LDAP groups and users that will be considered frevvo administrators.

  • LDAP groups and users that will be considered frevvo publishers. This role gives a user the permission to go to the home page of every other tenant user. 

  • LDAP groups and users that will be considered ReadOnly.

  • LDAP user and group base filters (the base DNs under which users and groups are searched)

  • LDAP all users and all groups filters

  • The LDAP attribute names in your Active Directory for UserId Display, GroupId Display, User Member Of, Group Member, First Name, Last Name, Email and Manager (optional)
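Before creating the tenant, it is worth checking the exported group data against the requirements in the Roles section above (exact spelling of frevvo.TenantAdmin and frevvo.Designer, case possibly mattering on OpenLDAP, and tenant admins also needing to be designers) using the server, bind account and base filters you just collected. The script below is an added example, not frevvo's own code: it builds the `ldapsearch` command that would export the groups, then parses a constructed LDIF sample of that export and reports anything frevvo would trip over. The host name, base DNs, the `(objectClass=group)` filter, the `cn`/`member` attribute names and all sample entries are assumptions for illustration; substitute the values from your own directory.

```python
"""Pre-flight check of frevvo role groups in an LDAP/AD export (added example, not frevvo code)."""

REQUIRED_GROUPS = ("frevvo.TenantAdmin", "frevvo.Designer")   # spelled exactly as frevvo expects
OPTIONAL_GROUPS = ("frevvo.Publisher", "frevvo.ReadOnly")


def ldapsearch_group_export(host, port, bind_dn, group_base, group_filter="(objectClass=group)"):
    """Return the ldapsearch argv that exports group names and members as LDIF.

    Assumed AD-style values: group_base is the group base DN, and cn/member are the
    GroupId Display / Group Member attributes. -W prompts for the bind password so it
    never lands in shell history or process listings.
    """
    return ["ldapsearch", "-LLL", "-H", f"ldap://{host}:{port}", "-D", bind_dn, "-W",
            "-b", group_base, group_filter, "cn", "member"]


# Constructed sample, shaped like `ldapsearch -LLL` output; not data from any real server.
# It deliberately contains a group whose name differs from frevvo.Designer only by case.
SAMPLE_GROUP_LDIF = """\
dn: CN=frevvo.TenantAdmin,OU=Groups,DC=example,DC=com
cn: frevvo.TenantAdmin
member: CN=alice,OU=Users,DC=example,DC=com
member: CN=bob,OU=Users,DC=example,DC=com

dn: CN=frevvo.designer,OU=Groups,DC=example,DC=com
cn: frevvo.designer
member: CN=alice,OU=Users,DC=example,DC=com
member: CN=frevvoProduction,OU=Users,DC=example,DC=com

dn: CN=frevvo.Publisher,OU=Groups,DC=example,DC=com
cn: frevvo.Publisher
member: CN=carol,OU=Users,DC=example,DC=com
"""

# The same export after the directory was corrected (constructed as well).
SAMPLE_GROUP_LDIF_FIXED = SAMPLE_GROUP_LDIF.replace("frevvo.designer", "frevvo.Designer").replace(
    "member: CN=frevvoProduction,OU=Users,DC=example,DC=com",
    "member: CN=bob,OU=Users,DC=example,DC=com\nmember: CN=frevvoProduction,OU=Users,DC=example,DC=com")


def parse_ldif(text):
    """Parse minimal LDIF into a list of {attribute: [values]} dicts, one per entry.

    Handles blank-line entry separators, comments and folded continuation lines;
    base64 ('::') values are kept verbatim, which is enough for cn/member checks.
    """
    entries, current, last_attr = [], {}, None
    for raw in text.splitlines():
        line = raw.rstrip("\n")
        if not line.strip():
            if current:
                entries.append(current)
            current, last_attr = {}, None
            continue
        if line.startswith("#"):
            continue
        if line.startswith(" ") and last_attr:          # folded continuation of previous value
            current[last_attr][-1] += line[1:]
            continue
        attr, _, value = line.partition(":")
        last_attr = attr.strip()
        current.setdefault(last_attr, []).append(value.strip())
    if current:
        entries.append(current)
    return entries


def groups_by_name(entries):
    """Map each group's cn to the set of member DNs."""
    return {e["cn"][0]: set(e.get("member", [])) for e in entries if "cn" in e}


def check_frevvo_groups(groups):
    """Return a list of findings; an empty list means the groups satisfy frevvo's rules."""
    findings = []
    by_lower = {name.lower(): name for name in groups}
    for required in REQUIRED_GROUPS:
        if required in groups:
            continue
        if required.lower() in by_lower:
            findings.append(f"group '{by_lower[required.lower()]}' differs from '{required}' only by case; "
                            "rename it to match exactly (case may matter on OpenLDAP)")
        else:
            findings.append(f"required group '{required}' not found")
    admins = groups.get("frevvo.TenantAdmin", set())
    designers = groups.get("frevvo.Designer", set())
    for dn in sorted(admins - designers):
        findings.append(f"tenant admin {dn} is not in frevvo.Designer and cannot design forms/workflows")
    if not designers:
        findings.append("frevvo.Designer has no members; the production account must belong to it")
    for optional in OPTIONAL_GROUPS:
        if optional not in groups:
            findings.append(f"optional group '{optional}' absent (only needed if you use that role)")
    return findings


if __name__ == "__main__":
    print(" ".join(ldapsearch_group_export("ldap.example.com", 389,
                                           "CN=svc-frevvo,OU=Service,DC=example,DC=com",
                                           "OU=Groups,DC=example,DC=com")))
    for label, ldif in (("as exported", SAMPLE_GROUP_LDIF), ("after fix", SAMPLE_GROUP_LDIF_FIXED)):
        print(f"--- {label}")
        for finding in check_frevvo_groups(groups_by_name(parse_ldif(ldif))) or ["no findings"]:
            print(" ", finding)
```

Run it against a real export by piping the output of the printed `ldapsearch` command into `parse_ldif`; the case-only mismatch is reported separately from a missing group because on Active Directory frevvo will usually still find `frevvo.designer`, while on an OpenLDAP server with case-sensitive matching it will not, and the group should be renamed rather than relying on the Ignore Case option.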

Create/Edit a tenant with the LDAP/Active Directory Security Manager

The connection to your LDAP server is configured at the tenant level.

  • New frevvo in-house customers can add an LDAP tenant and configure the LDAP parameters via the Add Tenant screen. LDAP properties can be updated at any time via the Edit Tenant screen.

  • Cloud customers must request an LDAP tenant from frevvo customer support. Cloud customers will receive a default tenant login from frevvo and then they can edit the LDAP configuration properties using the Edit Tenant screen to connect to their LDAP server.

In all cases, follow these steps to configure LDAP. These instructions assume that you have an in-house installation of frevvo up and running or you have signed up for an LDAP tenant on the cloud server.

  • In-house customers:

Add New Tenant Screen



The Ignore Case and Notify checkboxes are checked by default. It is recommended that you leave them checked. Refer to Mixed or Upper case User Names topic for an explanation of the Ignore Case option.

The Notify checkbox determines whether the task notification emails setup in frevvo workflows are sent or not.

Clicking the submit button tests the connection. Any errors are displayed at the top of the form. Here is an example of an error when there is a typo in the LDAP server name:




Here is another example, when the connection password is not correct:



Refer to FAQ - frevvo and LDAP for more troubleshooting information.

Check if the configuration is correct

Here are some quick tests to check if the LDAP configuration is correct:

  1. Login as the frevvo tenant admin for the LDAP tenant.

  2. Click on the Manage Users link.

  3. Click All. You should see a list of LDAP users who were assigned one of these frevvo roles on the LDAP server: frevvo.TenantAdmin, frevvo.Designer, frevvo.Publisher, frevvo.ReadOnly.

  4. Now, click Back To Manage Tenant.

  5. Click Manage Roles. You should see a list of groups from your LDAP server.

  6. Log out from frevvo (you should currently be logged in as the tenant admin).

  7. Try to log in with the user name and password of a user in LDAP. You need to specify the proper tenant when logging in. For instance, if john is a valid LDAP user and the name of the LDAP tenant is MYLDAP, you should log in as john@MYLDAP. The password would be john's password in LDAP.