# LDAP Configuration The Lightweight Directory Access Protocol (LDAP) allows your organization to connect Avo Assure with your corporate Active Directory (AD) or LDAP server. This enables centralized user authentication that is secure, consistent, and easy to manage. Integrating Avo Assure with your organization’s Active Directory (AD) or LDAP, users can log in using their corporate credentials. This removes the need for separate Avo Assure accounts and makes login easier. Onboarding and offboarding users in Avo Assure is easier because any changes made in the directory are automatically applied, allowing users to be granted or removed access promptly. ## Key Features and Benefits Here are the key advantages of using LDAP in Avo Assure: * **Single Login with Corporate Credentials** \ Users can log in to Avo Assure using their existing organization's username and password, so they don’t need separate accounts. * **Centralized User Management** \ Administrators can manage users, groups, and access permissions directly from the corporate directory, which automatically applies in Avo Assure. * **Enhanced Security** \ Passwords are not stored in Avo Assure. Authentication happens directly via the LDAP server ensuring corporate security policies are enforced. * **Simplified Onboarding and Offboarding** \ When a user is added or removed from the directory, their Avo Assure access is updated automatically reducing manual work and error. * **Audit and Compliance Support** \ Authentication events are logged through the LDAP/Active Directory, helping track access for audits and compliance. ## Terminologies * **LDAP (Lightweight Directory Access Protocol)**: Standard protocol for accessing and authenticating directory services such as Active Directory or OpenLDAP. * **AD (Active Directory)**: The system where your organization stores user accounts, groups, and permissions. Avo Assure uses it to verify user identities. * **TLS (Transport Layer Security) Certification**: A secure LDAP (LDAPS) connection typically requires an SSL/TLS certificate to encrypt communication. If you want LDAP over TLS, a valid and trusted certificate is mandatory to ensure secure and verified connectivity. * **DN (Distinguished Name)**: The full path to an object in the directory. Example: \ CN=ldap-user,OU=ServiceAccounts,DC=example,DC=com. * **CN (Common Name)**: The name of an object (e.g., a user, group, or device). * **OU (Organizational Unit)**: A logical container or folder within the directory that groups objects. * **DC (Domain Component)**: Part of the domain name. For example, DC=example,DC=com = example.com. * **Bind Principal**: The service account that Avo Assure uses to connect and query the LDAP directory. * **Bind Credentials**: The password for the Bind Principal account. ## This Document Includes: [Prerequisites](/avo-assure/administration/authentication-configuration/ldap-configuration/prerequisites.md) Prerequisites for configuring LDAP in Avo Assure. [Creating LDAP Configuration in Avo Assure](/avo-assure/administration/authentication-configuration/ldap-configuration/creating-ldap-configuration-in-avo-assure.md) Description of LDAP configuration feilds and steps to perform LDAP Configuration. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.avoautomation.com/avo-assure/administration/authentication-configuration/ldap-configuration.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.