Jama Connect User Guide

Configure LDAP authentication

LDAP (Lightweight Directory Access Protocol) is a protocol that organizations use to centralize the management of user accounts. Jama Connect includes a built-in integration for LDAP and Microsoft Active Directory.

LDAP must be configured before it can be used in Jama Connect to authenticate users against your LDAP server. 

To configure LDAP authentication:

  1. Log in to Jama Connect as the root user.

  2. Select System Properties > Authentication Properties > LDAP.

  3. Configure the authentication properties for the method you are using.

    • Enable LDAP — Select this to enable LDAP and disable the default Jama Connect authentication. Save the settings for changes to take effect.

    • Enable Self Registration — Users can register themselves by logging in to Jama Connect using their LDAP credentials. If successfully authenticated, they get a prompt to register for Jama Connect. Without self-registration, users must be added manually by an organization administrator. Once registered, users are assigned a license type based on the rules below. An organization or project administrator must then assign permissions for that user.

      • If there are available creator licenses, they are assigned a creator license.

      • If there are no named creator licenses, users are assigned floating creator licenses (shared among others).

      • If there are no creator or floating creator licenses available, you can still create users, but they are set to inactive. An organization administrator must manually assign the user an active license when one becomes available.

    • Default organization for self-registered user — Select the organization that self-registered users are assigned to by default. There should only be one option.

    • Default user group for self-registered user — Select the default group to which a self-registered user should be assigned. Organization administrators will need to assign permissions to self-registered users. 

  4. You can configure multiple directories with LDAP authentication. To add a new provider, select Add AD Provider or Add LDAP Provider, depending on the LDAP tool you use.  

  5. In the window that opens, provide the following server information used to connect to the Active Directory or LDAP server, then click Next.

    • Name — Name of the connection that will appear in the Jama Connect interface.

    • Description — Description of the connection that will appear in the Jama Connect interface.

    • URL — The URL to the Active Directory or LDAP server.

    • Bind DN — The reference to the account that Jama Connect will use to perform all actions against the Active Directory or LDAP server. This field accepts the Distinguished Name of the account ("cn=John Doe,ou=Users,dc=jamasoftware,dc=com").  

      Some Active Directory servers support the use of Full Name ("John Doe") or Email ("jdoe@domain.com").

    • Bind Password — The password of the Bind DN account.

    • Test Configuration — Select Test configuration to test for a successful connection to the specified server and bind account information. If successful, a "Configuration Successful" message will display in the window and the Base DN selection screen will expand.

    • Select the Base DN — The Base DN is the directory where users in Active Directory or LDAP exist that need to be added to Jama. Successfully tested configurations will load a radio button selection list of all available Base DNs.

  6. Specify the attributes in Active Directory and LDAP that automatically populate the Jama Connect user attributes.

    • Username — Enter the username of a sample user that exists in the specified Base DN.

    • Username Attribute — Enter the attribute where the username value is stored (for example, Active Directory commonly uses "samaccountname"). 

  7. Select Next to validate that the provided username and username attribute exist. If successful, the window expands to show a selection list of all available attributes for each of the Jama Connect user attributes.

    • Jama User Attributes — First Name, Last Name, Full Name, Email, Location, Phone, Title. 

    • LDAP attribute — The selection drop-down shows all available directory attributes that are connected to the provided username. Select the correct value in the selection list that matches the Jama Connect user attribute.

  8. Select Advanced setup if you know all the details of the connection and user attribute values. If you choose this option, you must add the Full Name Attribute or errors will result.

  9. After saving the connection, select Synchronize Now to manually sync all existing users in Jama Connect to LDAP. This updates user information with attributes from LDAP. 

Any Jama Connect users who are not registered in LDAP are deactivated. Users in LDAP that do not already exist in Jama Connect aren't synchronized. New users must be added manually with existing LDAP credentials.
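
To see what Synchronize Now would do before running it, the following added example (not Jama Connect code) parses an LDIF export of the Base DN, such as the output of `ldapsearch`, and sorts Jama Connect usernames into the three outcomes described above. The function names, the sample data, and the assumption that accounts are matched case-insensitively on the Username Attribute are illustrative.

```python
import base64

def ldif_values(ldif, attr):
    """Collect one attribute's values from LDIF text (RFC 2849), lower-cased."""
    # Undo line folding: a line that starts with one space continues the previous one.
    unfolded = ldif.replace("\r\n", "\n").replace("\n ", "")
    values = set()
    for line in unfolded.split("\n"):
        name, sep, raw = line.partition(":")
        if not sep or line.startswith("#") or name.lower() != attr.lower():
            continue
        if raw.startswith(":"):  # "attr:: <base64>" marks a base64-encoded value
            raw = base64.b64decode(raw[1:].strip()).decode("utf-8")
        values.add(raw.strip().lower())
    return values

def sync_preview(jama_users, ldif, attr="sAMAccountName"):
    """Sort usernames into the outcomes the guide describes for a sync.

    Assumption: accounts are matched case-insensitively on the username attribute.
    """
    directory = ldif_values(ldif, attr)
    jama = {u.strip().lower() for u in jama_users}
    return {
        "updated": sorted(jama & directory),       # attributes refreshed from LDAP
        "deactivated": sorted(jama - directory),   # in Jama Connect, not in LDAP
        "not_imported": sorted(directory - jama),  # in LDAP only: add manually
    }

# Constructed sample data: an LDIF export of the Base DN and a Jama Connect user list.
SAMPLE_LDIF = """\
dn: cn=John Doe,ou=Users,dc=example,dc=test
sAMAccountName: jdoe
mail: jdoe@example.test

dn: cn=Ana Diaz,ou=Users,dc=example,dc=test
sAMAccountName:: YWRpYXo=

dn: cn=Mei Chen,ou=Users,dc=example,dc=test
sAMAccountName: mch
 en
"""
SAMPLE_JAMA_USERS = ["jdoe", "ADiaz", "contractor1"]

if __name__ == "__main__":
    for outcome, names in sync_preview(SAMPLE_JAMA_USERS, SAMPLE_LDIF).items():
        print(f"{outcome}: {', '.join(names) or '-'}")
```

Review the "deactivated" list before synchronizing: every account in it loses access once the sync runs.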