Articles in this section

LDAP Remote Authentication Set Up

Avatar
Karen Nguyen
Updated
Follow

Remote authentication is supported by Illuminate Education's products using Lightweight Directory Access Protocol (LDAP).

Enabling remote authentication requires users to use your authentication server to grant them access. Without proper configurations, users may not be able to reach the services provided by Illuminate’s products. If you are unsure how to proceed, please contact your district’s Customer Success Manager (CSM).

Note: If you need to change your IP address after LDAP has been enabled for your district, please send the new IP address to help@illuminateed.com so we can add it our whitelist.

Set Up Process

I. Configuring Remote Authentication

IP Address Configuration

Your remote authentication server will need to be accessible via the internet by Illuminate Education's IP address ranges on the specific port you wish to use. Visit Illuminate Whitelist Resource Center for details.

II. Username Set Up

Illuminate Data and Assessment (DnA) or Special Education (ISE) clients:

Your usernames in DnA/ISE must match the usernames in your authentication server. Please verify your users.txt file is importing nightly and that the usernames reflect what is present in your authentication server. You can check the usernames in Illuminate via the User Management page.

Note: Illuminate does not accept > < * characters.

Illuminate Student Information (ISI) clients:

Your usernames in ISI must match the usernames in your authentication server.  Review the User Management page to verify the usernames match. If you notice this is not the case, you can either (1) update one user at a time (which is okay for a few users) or (2) follow these steps below to perform a mass update:

  1. Access the file layout specifications for the users.txt file. Create a file that matches the import template.
  2. Save your users.txt file as a tab-delimited text file. Compress it as a ZIP. Note: The import file must be named "users.txt" or else the import will fail.
  3. Upload the file using the Gear > Core Data Import & Validation page. To review how to use this page, see the guide Processing a One-Time Import.
  4. Review the results in on the Gear > Core Data Import Log page.

Note: Illuminate does not accept > < * characters.

IV. Redundancy

If your authentication server goes offline, then your users will be unable to log in to Illuminate. It is recommended to provide more than one authentication server that the Illuminate system will automatically failover to in case the primary is unavailable.

V. Configuration

The configuration information at the bottom of this document needs to be filled out. This includes a username and password for us to test the authentication configuration, as well as connection information for your authentication server.

VI. Test Environment

With the information below we will set up a copy of your Illuminate site to create a testing environment. You will be asked to verify that Remote Authentication is working in this testing environment.

VII. Schedule

Once verified, a date and time will be set to enable remote authentication on your live environment. Please notify your users of this change and make sure they are aware their former login credentials will no longer be valid.  It is best to wait until Remote Authentication has been verified before setting this date.

Configuration Forms

There are various configurations that Illuminate supports for Users and/or Student Portal. Certain information will need to be provided to complete the setup process.

User LDAP Configuration

The following information will need to be provided:

  • LDAP Server Hostname:
  • LDAP Server IP Address:

 A valid public Root Certificate Authority cert is required.

  • Encryption (STARTTLS or SSL is Required):
  • LDAP Port (Typically TCP ports 389 for StartTLS or 636 for SSL):
  • Account DN Lookup Username:
  • Account DN Lookup Password:
  • Account Domain:
  • Base DN:
  • Account Filter / Field (uid, sAMAccountname, etc):
  • Test Account Username:
  • Test Account Password:

Root CA Certificate

We will need the Root CA Certificate generated from your domain controller. Here is documentation on how to generate this if needed:

Exporting the Certification Authority Certificates

Student Portal LDAP Configuration

Student Portal is an optional additional Illuminate product. To set up Remote Authentication for students via the Illuminate Portal, please also fill out the following details.

The following information will need to be provided:

  • Student Login ID Type (Username, E-Mail or Student ID):

 

  • LDAP Server Hostname:
  • LDAP Server IP Address:

A valid public Root Certificate Authority cert is required.

  • Encryption (StartTLS or SSL is Required):
  • LDAP Port (Typically TCP ports 389 for StartTLS or 636 for SSL):
  • Account DN Lookup Username:
  • Account DN Lookup Password:
  • Account Domain:
  • Base DN:
  • Account Filter / Field (uid, sAMAccountname, etc):
  • Test Account Username:
  • Test Account Password:

Root CA Certificate

We will need the Root CA Certificate generated from your domain controller. Here is documentation on how to generate this if needed:

Exporting the Certification Authority Certificates

Next Steps

Ready to set up LDAP for Illuminate? Send a ticket to Illuminate Support at help@illuminateed.com with your LDAP configuration information. Feel free to include your Customer Success Manager (CSM) in your request.

Related articles

Comments

0 comments

Please sign in to leave a comment.