Skip to content

External Authentication Services#

The Unryo Platform is currently capable of using LDAP servers as a source of authentication information. You can access this via your Unryo Portal:

Step 1: Click on the gear icon at the top right and then on "Users & Groups".

image

Step 2: Click on the "Auth Backends" tab.

image

You will be able to manage your external authentication services here via a configuration wizard.

image

Step 3: By default, external users the "Default" group, which you can find in the "Groups" tab of the "Users & Groups" page. The "Default" group has somewhat restricted access to the Unryo Platform.

To give your LDAP users different permissions, create a new group with your desired permissions. To make your LDAP users be a part of the new group, you will have to add either:

  • user-members that match your LDAP users or:
  • group-members that match one of the LDAP groups your LDAP user belongs to.

Let us illustrate with an example. By default, userNameField in the "User Search" step and groupNameField in the "Group Search" step of the LDAP configuration wizard are set to sAMAccountName and cn.

Suppose you have an LDAP user whose sAMAccountName is "Geraldo" and that he is a member of a group whose cn is "LDAPUnryoAdmins".

You can grant Geraldo admin privileges on your Unryo Platform by creating a new Unryo group with a user-member called "Geraldo". User-members are in fact regular expressions, so "Ge." and ".aldo" would also make Geraldo a part of the group.

You can also grant all members of "LDAPUnryoAdmins" admin privileges by adding a group-member called "LDAPUnryoAdmins" to an Unryo group with admin privileges. Like user-members, groups-members are regular expressions, so ".Unryo." would also work.